CrowdStrike Holdings, Inc.

CrowdStrike Holdings, Inc.

$347.88
4.38 (1.28%)
NASDAQ Global Select
USD, US
Software - Infrastructure

CrowdStrike Holdings, Inc. (CRWD) Q2 2023 Earnings Call Transcript

Published at 2022-08-30 21:48:03
Operator
Thank you for standing by and welcome to CrowdStrike’s Financial Fiscal Second Quarter 2023 Results Conference Call. [Operator Instructions] As a reminder, today’s program maybe recorded. And now, I’d like to introduce your host for today’s program, Maria Riley, Vice President, Investor Relations. Please go ahead.
Maria Riley
Good afternoon and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth and expected performance, including our outlook for the third quarter and fiscal year 2023 are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company’s financial results is included in the filings we make with the SEC from time-to-time, including the section titled Risk Factors in the company’s quarterly and annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release, which maybe found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George to begin.
George Kurtz
Thank you, Maria and thank you all for joining us. The CrowdStrike team delivered a strong second quarter headlined by record net new ARR of $218 million as growth accelerated to 45% year-over-year, record net new customer additions and record non-GAAP operating profit. We achieved several additional milestones in the quarter. Ending ARR grew to $2.14 billion on a 59% year-over-year growth rate. We believe this makes us the second fastest software company reported to reach the $2 billion ARR milestone. Ending ARR for our emerging products grew to $219 million, up 129% year-over-year. This included record-setting net new ARR for both Identity Protection and Humio and we also achieved record net new ARR for modules deployed in a public cloud. Quarterly revenue exceeded $500 million for the first time. We added over 1,700 net new customers, another first for the company. Gross retention climbed to a new record for the second consecutive quarter, and dollar-based net retention reached its highest level in seven quarters. We achieved these results while also driving record non-GAAP operating profit of $87 million, a 147% increase over Q2 of last year, and growing free cash flow of 84%. As Burt will discuss in a few minutes, we are raising our revenue guidance for the year and remain committed to delivering non-GAAP operating leverage and 30% or greater free cash flow margin for the year while investing in key initiatives that will further widen the gap between CrowdStrike and the competition. Moving to our markets, the competitive environment remains favorable and our win rates remain consistent. We continue to see strong demand even as organizations responded to macroeconomic conditions. For CrowdStrike, this primarily manifested in the form of increased levels of required approvals on some deals as companies evaluated investment priorities, which can extend the time it takes to close deals. However, cybersecurity is not a discretionary line item. Cybersecurity is a priority for CIOs, CEOs and CFOs and Boards of Directors, and our value proposition resonates strongly with these stakeholders. Deals committed to close in the quarter did close in the quarter, and we entered Q3 with a record pipeline. Over the past several months, I have had many discussions with CIOs, and the message is clear. They are looking to consolidate on a platform like Falcon. They want fewer point products, fewer agents and technologies that consume fewer resources. They need to reduce complexity and simplify operations in their security and IT stack. Complexity is the enemy of security, efficiency and TCO. This business imperative is even more crucial in times when budgets are tightening, which accelerates standardization on trusted platforms that deliver immediate ROI and lower TCO such as CrowdStrike’s Falcon platform. We believe that with increased scrutiny comes increased opportunity for CrowdStrike over the long-term given the Falcon platform empowers customers to consolidate technologies and achieve better protection with less time, fewer resources and lower total cost. This differentiates us from others in the market and we believe positions us well for continued success even in the current macro environment. And we are seeing this dynamic in our business as the number one vendor by market share in both IDC’s 2021 worldwide corporate endpoint security and modern endpoint security categories. Customers are increasingly standardizing on the Falcon platform, driving module adoption, greater wallet share and larger customers, the trademark characteristics of a generational platform. Q2 subscription customers with 5 or more, 6 or more and 7 or more modules were 59%, 36% and 20%, respectively. This represents a 70%, 84% and 105% year-over-year increase in these respective module adoption cohorts. As customers adopt more modules, Falcon is increasingly embedded in their operations and workflows, which we believe leads to higher retention rates and even more opportunities for future expansion. Customer retention is also driven by advanced capabilities built into the platform such as Fusion, our customizable security automation and remediation engine. Utilization of Fusion by customers has continued to increase since its launch. And in just 1 year, approximately 35% of our customers now use Fusion workflows. In the quarter, momentum was strong among customers of all sizes from large enterprises to medium-sized businesses and smaller accounts. We believe our diversified customer base adds to our resiliency and our ability to deliver durable ARR growth over the long term. Ending ARR growth from our $1 million or more ARR customers accelerated in Q2 and continued to grow faster than our corporate average. These larger customers are standardizing on Falcon, consolidating vendors and prioritizing expansion projects that represent sizable cross-sell and up-sell opportunities that are moving forward even under uncertain macro conditions. We are also seeing increased strength in the public sector, which, in Q2, was driven by record sled performance and wins within the U.S. federal and international government agencies. To date, 20 of the 37 U.S. states that our CrowdStrike customers as well as the District of Columbia have standardized on Falcon. One noteworthy development in Q2 was with the state of New York, which is exclusively using Falcon EDR for the newly established joint security operations center. As part of the shared services initiative, New York’s cities and counties in the program will be protected by Falcon. The JSOC program is designed to house cybersecurity assets for multiple levels of government under 1 roof to protect against attacks across New York’s interconnected network and IT services. We believe this is a model program that other states will look to emulate as their communities grapple with the heightened threat environment and cybersecurity skills gap. The second quarter was also a record quarter for our e-commerce sales engine, which is a key factor in our strategy to efficiently reach and serve the small business community at scale. To further support small businesses, during the quarter, we launched our newest bundle, Falcon Go. This starter package is specifically designed as a landing point for smaller businesses with 100 endpoints or less that may be more price-sensitive and looking to transact through our e-commerce or trial program. We also serve small businesses through the MSSP channel. The Falcon platform empowers MSSPs to stop breaches for their customers, simplify operations and drive cost efficiencies. MSSPs are a rapidly growing component of our partner ecosystem, with Q2 year-over-year ending ARR increasing more than 150% and a rapidly growing customer base that is excluded from our reported logo metrics. In Q2, we added over 1,700 net new customers, bringing the total number of reported customers that rely on Falcon to protect their business to 19,686, a 51% increase year-over-year. I’m especially proud to announce one of our new customers this quarter included a leading incident response firm that purchased Falcon for their internal use. We are also pleased with our strong module performance across the Falcon platform. I’d like to highlight a few standouts in Q2. First is Falcon Complete, which has continued to gain strong momentum in the market as companies look to address the growing cybersecurity imperative and contend with the cybersecurity skill shortage. Over 1,000 customers have adopted Falcon Complete since the start of the fiscal year. By leveraging the advanced automation in the platform, Falcon Complete offers customers and partners a way to quickly and cost effectively scale and fortify their cyber defenses with gold standard expertise and technology while lowering their total cost of ownership. As we add modules to the Falcon Complete lineup, customers are standardizing on Complete. An example in Q2 is a payments company that adopted our full suite of Falcon Complete offerings, which includes managed identity and managed cloud workload protection. Next is our emerging product category that solves use cases outside of traditional endpoint protection, but are rapidly becoming core in the minds of customers. This category includes our Discover, Spotlight and Identity Protection modules as well as Humio. We delivered record net new ARR from our emerging products, propelling the ending ARR for this category to $219 million, up 129% year-over-year. Our Identity Protection lineup achieved a record quarter and quickly grew to become the largest contributor to ARR within our emerging category. In Q2, the number of customers subscribing to our Identity Protection modules grew more than 100% quarter-over-quarter driven in part by a new logo attach rate that tripled, with close to 80% of cyber attacks leveraging identity-based tactics to compromise legitimate credentials and use techniques like lateral movement to quickly evade detection. Identity Protection is core to stopping breaches. We see many parallels between this new market and the early days of the EDR market, including a massive greenfield opportunity with an estimated $3.7 billion TAM in calendar year 2022 and a sizable uplift to ASP, which can be north of 30%. With our early and growing momentum, we believe CrowdStrike is well on the way to defining and leading the identity protection category. CrowdStrike Falcon Identity Threat Protection is unique in the industry as it can detect and stop in real time identity-based attacks. And with one easy-to-deploy agent, the Falcon platform can respond to modern attacks with endpoint, identity and workload context without the multi-platform complexity and post-processing other solutions require. Humio had a record Q2 as we secured wins across multiple verticals, including financial services, health care, retail, manufacturing, transportation and professional services. Notable wins included a multinational financial services firm with ingestion requirements of up to 4 terabytes a day that adopted Humio to displace its legacy provider whose query speeds and data ingestion capabilities were inferior and an IT and security services provider in APAC that is now leveraging Humio as the engine to collect and store security and observability data from its growing customer base. Moving from a module perspective to a deployment environment view, our public cloud business delivered a record Q2 with ending ARR growth accelerating quarter-over-quarter for the second consecutive quarter to reach $174 million. Building on the cloud-native application protection platform or CNAPP capabilities we introduced last quarter, this quarter, we announced new CNAPP capabilities to extend support within AWS Fargate to Amazon’s Elastic Container Service, introduced the first AI-powered indicators of attack, comprehensive fileless attack prevention and enhanced visibility for cloud intrusions and introduced Falcon OverWatch cloud threat hunting, the first stand-alone cloud threat hunting service for threats originating, operating or persisting in cloud environments. Cloud is another evolving market where we believe we can significantly expand our share, especially as CIOs look to consolidate vendors and move away from point products. As we discussed last quarter, CrowdStrike’s cloud capabilities stand alone in the market by delivering agent-based and agentless solutions natively from the Falcon platform in a single user interface with a shared data back-end in threat graph. The combination of agent-based and agentless capabilities in the cloud enables pre-run time and run time protection whereas agentless-only solutions can only offer partial visibility and cannot provide run time security. Taking a moment to summarize and put everything we have shared with you today into context. Customers want a trusted platform that seamlessly unifies endpoint, cloud, identity and data, redefining what core cybersecurity means. CrowdStrike is leading this replatforming with Falcon, and we see no other competitor with a comparable offering. I believe the CISO of a county on the East Coast said it best, and I quote, it’s hard to remember the days when I didn’t have immediate 24/7 remediation, vulnerability reports on every device, discovery of every asset on my network and a clear understanding of every account login, but I’m never going back. I want to thank each and every CrowdStriker for your passionate focus to make us the best in the business. It is your work that earned CrowdStrike’s recognition as a winner in the Best Security Company category for the 2022 SC Awards U.S. and Falcon XDR as a winner in the Best Emerging Technology category for the SC Awards Europe 2022. Before I turn it over to Burt, I would like to invite our investors and analysts to join us at Falcon in Las Vegas in September. Similar to last year, in conjunction with the event, we will hold an investor briefing featuring conversations with customers, partners and industry experts. To join in person, please contact our IR team for the registration information. The briefing will also be webcast live on our IR website. With that, I will turn the call over to Burt to discuss our financial results in more detail.
Burt Podbere
Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers, except revenue, mentioned during my remarks today are non-GAAP. We delivered another outstanding quarter, exceeding the high end of our guidance on all metrics. Strength in multiple areas of the business and superb execution by the CrowdStrike team translated to rapid growth at an increased scale, record non-GAAP operating profit and strong cash generation. In the second quarter, we continued to maintain very high unit economics, drive leverage and remain very capital-efficient. We also continued to execute on our investment plan for the year, fueling innovation on the Falcon platform, expansion into new markets and growing the CrowdStrike team. Our second quarter results are a testament to the resilience of our markets, value of our platform and the ongoing durability of our SaaS business model that provides excellent visibility and enables us to deliver high growth with strong profitability and free cash flow. In the quarter, ending ARR grew 59% year-over-year to surpass the $2 billion milestone. Net new ARR growth accelerated to 45% year-over-year. We delivered a record $218.1 million in net new ARR, representing our strong momentum in the market. The composition of net new ARR in Q2 was very well balanced across deal size with no outsized contribution from any 1 deal. Our dollar-based net retention rate was above our benchmark, reaching its highest level since Q3 in fiscal 2021. Gross retention reached a new record for the third consecutive quarter, demonstrating our strong commitment to stopping the breach, delivering value to customers and restoring trust to the security posture of companies worldwide. As George mentioned, we are also seeing more customers standardize on the Falcon platform and adopt more modules. We believe these trends will create an enduring business opportunity for the years to come. Moving to the P&L. Total revenue grew 58% over Q2 of last year to reach $535.2 million. Subscription revenue grew 60% over Q2 of last year to reach $506.2 million. Professional services revenue was $29.0 million, setting a new record for the eighth consecutive quarter and representing 32% year-over-year growth. In terms of our geographic performance in Q2, we continued to see strong growth in the U.S. at 53% and international revenue growth at 73% year-over-year. Second quarter total and subscription non-GAAP gross margins remained relatively consistent at 76% and 78%, respectively. As we continue to invest for growing demand, we are pleased with our strong subscription gross margin performance, which remains within our target model range. During the quarter, we executed on our plan to invest in new technologies, international geographies and marketing programs. We are also executing our 2023 hiring plan and pleased to report that we added a record number of net new hires for the second consecutive quarter. Bringing on and retaining top talent is a cornerstone to supporting our product road map, future growth and market share gains in new markets. We believe the investments we are making today will lead to sustained growth over the long term and maintain our position as a trusted security partner of choice. Given our strong top line, disciplined approach to investing and efficient sales motion, we were able to make these investments while also driving increased leverage and profit. Total non-GAAP operating expenses in the second quarter were approximately $321.4 million or 60% of revenue versus $222.4 million last year or 66% of revenue. In Q2, our Magic Number was 1.3, reflecting the phenomenal efficiency of our go-to-market engine. We believe a Magic Number in excess of 1.0 indicates very favorable go-to-market efficiency and supports our current investment plan. Second quarter non-GAAP operating income more than doubled, growing 147% year-over-year to reach a record $87.3 million. And operating margin improved by 6 percentage points year-over-year to reach 16%. Looking at the first half of fiscal year 2023, non-GAAP operating income grew 162% year-over-year to reach $170.3 million and 17% of revenue. Non-GAAP net income attributable to CrowdStrike in Q2 also more than tripled over the prior year, growing to a record $85.9 million or $0.36 on a diluted per share basis. Our weighted average common shares used to calculate second quarter non-GAAP EPS attributable to CrowdStrike was on a diluted basis and totaled approximately 239 million shares. We ended the second quarter with a strong balance sheet. Cash and cash equivalents increased to approximately $2.32 billion. Cash flow from operations grew 94% year-over-year to $209.9 million. Free cash flow grew 84% year-over-year to $135.8 million or 25% of revenue and reflects our planned increased capital investments, which more than doubled year-over-year. Moving to our outlook. Given the growth drivers of our business as well as our strong second quarter performance, record pipeline and record gross retention rate, we are raising our revenue guidance for the fiscal year 2023. At the same time, we have factored in what we believe is an appropriately pragmatic view with respect to the current global macroeconomic backdrop. While we do not guide to net new ARR, given the unseasonal strength in net new ARR delivered in both Q1 and Q2 of this fiscal year, we believe it is prudent to assume less pronounced quarter-to-quarter seasonality in the back half in comparison to prior years. Also, as a reminder, we suggest that investors adjust their seasonality expectations to exclude the impact of significant large deals such as the two approximately 8-figure accounts we discussed in Q4 of last year. On the bottom line, we are also raising our guidance for fiscal year 2023. And as our guidance reflects, we remain committed to deliver non-GAAP operating margin leverage for the year while continuing to invest in the business. We also remain committed to achieving 30% or more free cash flow margin for the year. For the third quarter of FY ‘23, we expect total revenue to be in the range of $569.1 million to $575.9 million, reflecting a year-over-year growth rate of 50% to 52%, with subscription revenue being the dominant driver of growth. We expect non-GAAP income from operations to be in the range of $72.7 million to $77.7 million and non-GAAP net income attributable to CrowdStrike to be in the range of $73.0 million to $78.0 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be in the range of $0.30 to $0.32, utilizing a weighted average share count of 241 million shares on a diluted basis. For the full fiscal year 2023, we currently expect total revenue to be in the range of $2,223.0 million to $2,232.0 million, reflecting a growth rate of 53% to 54% over the prior fiscal year. Non-GAAP income from operations is expected to be between $321.8 million and $328.5 million. We expect fiscal 2023 non-GAAP net income attributable to CrowdStrike to be between $313.7 million and $320.5 million, utilizing 240 million weighted average shares on a diluted basis. We expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $1.31 to $1.33. George and I will now take your questions.
Operator
[Operator Instructions] And our first question comes from the line of Saket Kalia from Barclays. Your question, please.
Saket Kalia
Okay, great. Hey, folks. Thanks for taking my question here. George, a lot of great stuff to talk about, but maybe the one that I’d love to hone in on is the higher attach rate on identity. Can you just remind us whether the identity module here is displacing something else within your customer base and what do you think is driving that higher attach rate to new logos?
George Kurtz
Yes, great, Saket. Thanks for the question. It’s not displacing anything because nothing else exists. And that was one of the things that we really got ahead of with our Preempt acquisition well before anyone else in the market. And when we think about the sort of attacks that are out there, 80% of the attacks leverage compromised identities and lateral movement, which is a big part of how breaches occur. So when we think about our identity module, which is baked into our agent, single agent, it’s much differentiated from everything else that’s out there. It works with Active Directory and Azure AD. It’s been a real game changer for customers. And I continue to see customer feedback even during the proof of value stage that they have never seen this level of visibility in their identity and Active Directory infrastructure and they continue to find many, many weaknesses. So to me, it’s a real game changer and I think it can be as big as XDR and it’s going to be a core module going forward.
Saket Kalia
Very helpful. Thanks, guys.
Maria Riley
Operator, you can please take our next question.
Operator
Thank you. Our next question comes from the line of Andrew Nowinski from Wells Fargo. Your question, please.
Andrew Nowinski
Congrats on another great quarter. I just wanted to ask about your new logo adds. It looks like you added four Fortune 100 customers this quarter, which I presume were larger deals, even though you said there were no outsized deals in the quarter. I’m wondering, your new logo adds in total only increased maybe mid-single digits. But I’m wondering if you’re just focusing on larger customers now or if you’re seeing more customers starting the initial deal with more modules like Preempt and Humio, etcetera, that might – whereas it might have been a smaller initial land a year or 2 ago. Thanks.
Burt Podbere
Hi, Andy, it’s Burt. Thanks for the question. So first and foremost, we’re very pleased with the net new logo count of 1,741, a new record for us. And we’re pleased with what we’ve seen in the makeup of the 1,741 new logos. I think that when we go through the various details with respect to the new logos, we found that, hey, we got new logos coming in from large companies. We have new logos coming in from smaller companies. And as typical, the velocity is driven more by mid-market and SMB. It’s also worthy to note that we do have a very strong MSSP business. We talked about the fact that it’s grown 150% year-over-year, and that is not reflected in the 1,741 in terms of net new logos. So overall, we are very pleased with the Q2 performance. We think that we have great opportunities to go after new logos and to continue to gain new business, especially when you think of the backdrop in terms of what’s available to us, sure, just under 20,000 logos to date. That’s great, and we’re very pleased about that, but when you think about the overall market that’s available to us that’s a very small number. And so we think that we’re still in the very early innings in terms of net new logos that we can go after.
Operator
Thank you. Our next question comes from the line of John DiFucci from Guggenheim Partners. Your question, please.
John DiFucci
Listen, George and Burt, really impressive results here, especially given the macro backdrop. But George, you mentioned that security is not discretionary, and that makes sense. But when you win, you’re displacing someone at least for your core products in our observation because we’re old, I guess. If this becomes a prolonged and even perhaps deeper macro slowdown, what we’ve seen is that customers start to freeze. It’s almost as if they have gotten by with what they have up until now, and then they don’t want to introduce any more change, which brings risk. And there is enough risk in the macro environment. I’m just wondering, how do you see this developing going forward? Because you’ve avoided this up until now, for sure. But how do you think it happens going forward, not only for CrowdStrike, but even for the broader security, IT security space? Because a lot of your brethren have sort of held up really well in this, too.
George Kurtz
Well, I think it goes to the durability of security and the business model that we’ve built and certainly the platform play. And I think if you’re a point product, your comments will resonate. I think when you look at a true platform like CrowdStrike, the conversations that we are having, and I’ve had many of them with CIOs, Board members, CEOs over the last quarter – couple of quarters, and it really was about how do we do more with CrowdStrike, we want to consolidate. So we didn’t necessarily see them freezing. We saw them thinking about how they could spend more with CrowdStrike and reduce their overall spend in security. And as we’ve talked about before, we spend a lot of time in value selling and something we call our business value assessment where we actually compute an ROI, which typically is 150% within the first year. So that’s the kind of strategic conversations that we’re having up and down the stack. And then when you think about the macro environment, people don’t want to add heads. Falcon Complete is a game changer for them. They couldn’t do what we do for the price that we charge. I mean they need an army of internal people to try to do what we do, and it’s just not possible with the level of expertise. So we look at the macros and opportunity at CrowdStrike to further consolidate in our customer base.
Operator
Thank you [Operator Instructions] Our next question comes from the line of Rudy Kessinger from D.A. Davidson. Your question, please.
Rudy Kessinger
Hi, guys. Thanks for taking my questions. Certainly, a lot to like here given the macro backdrop. I guess if I narrow in on one – maybe one metric, the customers with 6-plus and 7-plus modules, that stepped up 1 point from Q1. But the customers – percentage of customers with 5-plus was flat at 59%. We’ve seen that figure go up 2 to 3 points a quarter for the last several years now. Anything to note there? Did you see any customers on the new logo front that maybe just given the macro, maybe took one or two fewer modules to start out? And if so, obviously, identity sounds like that attach rate is increasing nicely. But any modules in particular that saw maybe a bit more of an impact to demand than others?
Burt Podbere
Hi, this is Burt. So great question. So when we think about the module, that has been doing really well. We go back to the April 7 webinar when we talked about the hyper growth modules, and these are modules that have year-over-year growth rates that are significantly higher than the overall customer growth. And we zoom in on a few of them. There are things that we’ve been talking about for a long time like Spotlight. That’s our vulnerability management product module, and that’s gone really well. We think about some of our cloud modules, whether they are our Cloud Workload Protection or Horizon, these are getting traction. But also the Identity Threat Detection. George just talked about it. We’re really excited about how that’s been taken up by not only the existing customer base, but by new customers that are coming in and enjoying all the benefits of attaching themselves to a true cloud-native platform. And so I think that there are a lot of opportunities to go in terms of more module adoption with customers. As you said, we’ve had an uptick on both the 7 plus and 6 plus. And I think that we’re going to continue to see customers come in enjoying all benefits of attaching themselves through the cloud-native platform. And so I think that there are a lot of opportunities to go in terms of more module adoption with customers, as you said we have had enough take on both the 7 plus and 6 plus and I think that we are going to continue see customers come in and land with more modules in the future and certainly as we continue to come out with new modules. So we’re excited about those module adoption rates, and I think they are best in class, and we’re glad to see that we saw the uptick of the – in the 6 and 7. And remember, we got rid of the four category, which is amazing. That was over and above that 70% benchmark. So that was exciting and encouraging just in and of itself. Good question, though. Thank you.
Operator
Thank you. And our next question comes from the line of Matt Hedberg from RBC. Your question, please.
Matt Hedberg
Great. Thanks for taking my question, guys. George, for you, the other thing, obviously, we’ve been talking about Humio for a while. It’s great to see it had another record quarter. When you think about your expansion motion, what are [Technical Difficulty]
Burt Podbere
Instrument things like Kubernetes clusters when you look at the ability to flow data into something like an Elastic, they are certainly looking for alternatives. And Humio’s flexibility is the fact that it can take data from anywhere, and it can do that ingestion-free. It doesn’t need an index, and it’s very, very efficient from a cost perspective. So we continue to get pulled into security and non-security deals. We had a record Humio quarter with some great wins. We see frustration with incumbent vendors across the SIEM space as well as the observability space. And a lot of times, companies will – they’ll try to roll their own. They’ll go to open source and try to pull in different stacks. And it’s really complex. And they just love the ease of use and the flexibility that Humio provides. So we continue to be extremely bullish on Humio and its various use cases, which are security, non-security-related. And we had some great wins in both SIEM replacement, in log management as well as observability.
Operator
Thank you. And our next question comes from the line of Rob Owens from Piper Sandler. Your question, please. Rob Owens, your line is open.
Rob Owens
Sorry, my phone cut out there. Hi, guys. Thanks for taking my questions. George, I would love for you to expand around your comments on consolidation. And we’ve seen a few cycles, obviously, maybe not as many as Mr. DiFucci, who admitted to his age earlier. But that being said, why here and now given we’ve had platform plays before? And do you think this is economic, this is technical, part of the problem set? Thanks.
George Kurtz
Sure. I think now is the time given the current macro. And when we think about platform plays, we’re both probably showing our age, but there aren’t a whole bunch of platform plays out there in security, and I think that’s one of the things that we’ve really focused on from a CrowdStrike perspective, to be that foundational cloud platform that you think about in other spaces. So now that a true platform company is out there covering 22 modules, it really is the perfect opportunity with the current macro backdrop. And it certainly has stimulated the conversations in our ability to reduce costs and complexity for large and small companies. And then when you combine that with a very unique offering again with Falcon Complete, customers are – they are not interested in adding a bunch of heads, right? So they want to take advantage of the offerings that we have in that area where we can do it much more cost effectively and efficient than they ever can with a better outcome. So I think it’s really a combination of a robust platform with many, many modules in multiple categories as well as some of the very unique offerings like Falcon Complete that has really driven the conversation home with customers. Again, better outcome, but we’re having that financial discussion at the right levels with many large and small customers. Thank you, Rob.
Operator
Thank you. Our next question comes from the line of Alex Henderson from Needham. Your question, please.
Alex Henderson
Great. Thank you very much. So a lot of people have, over time, thought of you guys as an endpoint company. Obviously, we’ve always thought of you as a platform. The first thing you ever told me was you’re a platform, and I totally agree with it. And there is been a lot of conversation about price pressure. As an endpoint company, I’ve seen price pressure or some churn. And I think the statistics here strongly suggest that you’re not seeing either. I was hoping you could talk a little bit about the proof points that, a, you’re not seeing any pricing pressure; and b, there is no evidence of any customer churn. I think your gross retention being at a record is a pretty good indicator of that as well as the GMs and the net retention rates. But could you talk to those two issues a little bit?
George Kurtz
Sure. And I think I’ll start with the latter comments you made. If you look at our gross retention, at a record, if you look at net retention, just how well we’ve done, and obviously, we will put that out at the end of the year, what it means is customers like our technology, they stay with us and they buy more from us. In a market like ours, there is always going to be companies like to compete on price because they are AV only. And I think you’ve got to look at our platform and say, well, you’ve got AV, which is differentiated, but it’s one module. And if companies are trying to compete on price there, at the end of the day, what we’re selling is prevention of breaches, right? It’s not just malware prevention, which we’ve seen a lot of companies, legacy and non-legacy, just try to focus on that. And if that’s where they started as an AV company or next-gen AV, and then it pulls other things on, it really isn’t a true platform. And I think the genius and the beauty of what we built here is probably the most scale way, using cloud architecture on the planet in terms of our ability to ingest, no reboots, you deploy it immediate time to value, and it just works. So even if there was pricing pressure in one module, which we don’t always see, I mean, obviously, there is competition out there, when we put together all of the modules, our ability to consolidate, our TCO play with a real ROI, this is very compelling for customers large and small. So again, there is always been lots of companies in our space. And I think to your point, we’ve proven that while our form factor is agent cloud, we’re doing many more things in a different way that go beyond just traditional endpoint protection.
Operator
Thank you. Our next question comes from the line of Fatima Boolani from Citi. Your question, please.
Fatima Boolani
Hey, good afternoon, gentlemen. Thank you for taking my question. George, maybe this one is for you. Just with respect to some of the traction and sort of the hyper growth trajectory you’re seeing with capabilities that are embedded in Falcon Complete and even OverWatch, I think one of the things that some of your competitors, your peers in the past have stumbled into is sort of the rules of engagement with the channel. And yet you disclosed doing MSSP business that was up 150% year-over-year. So I’d love to kind of get your perspective on how you’re sort of threading that needle between staying cooperative without getting too competitive and really driving triple-digit growth in modules and capabilities that otherwise on the surface would seem to sort of encroach into some of your partners’ business and franchises. Thank you.
George Kurtz
Sure. That’s a good question. And I think there is a lot of fud from our competitors out there because they don’t have anything like Falcon Complete, as an example, which is absolutely top of the industry. And when you look at what we’ve done, we try to make it a win-win. You look at a partnership like what we have with Mandiant. Obviously, we’ve got these capabilities in certain areas, but they are leveraging our technology. And that’s the key area. Can they leverage our technology as they bring us into account? Fantastic. We’re happy with that. Or in some managed service providers, they’ll take our offering and then – and kind of rebundle it into a broader offering that might cover network or other areas, and we’re happy with that, too. And as a manufacturer, we are experts in what we do. So we try to make it a win-win, and that’s the reason why our MSSP business has grown so dramatically, a, it’s the best technology, and the rules of engagement have been really important. There are deal edges. We protect the account. And then we also focus on leveraging our services as part of a broader service that an MSSP have – has. And at the end of the day, the numbers don’t lie in terms of our success there. So that’s what we’re focused on, the facts, not the fiction.
Operator
Thank you. Our next question comes from the line of Roger Boyd from UBS. Your question, please.
Roger Boyd
Hey, thanks for taking the question. Congrats on the impressive results. Wanted to go back to cloud security. Really impressive growth there. I think you’ve done a really good job of proving out the need for a tightly integrated agent plus agentless technology, but I was curious if you could talk a little bit about the reception you’ve seen specifically to the Horizon product and how you think that backs up against the pure plays out there. Thanks.
George Kurtz
Sure. We’re absolutely excited about Horizon as well as the combination of Cloud Workload Protection, and we think it stacks up very well. And more importantly, where is the differentiation? The differentiation is in things like the ability to actually protect the workload and the infrastructure, right? So you’ve got agentless in Horizon, and you’ve got our Cloud Workload Protection, which we have tremendous capabilities there. This is what customers want. If you look at the pure plays out there, they are just covering agentless. And candidly, that’s the easiest thing to do because you just plug into APIs. We’ve got to build some workflows around it, and there is certainly some good competitors in the market. At the end of the day, it’s really the combination of an agentless on a platform that’s going to give you visibility in the cloud as well as in your hybrid data centers. And that’s what we’re seeing. We continue to add many, many capabilities. We’ve added OverWatch threat hunting for cloud. We’ve got dynamic container analysis and image assessment. So we continue to build in those areas, and we’re seeing a great reception. And I think when you look at our heritage of threat intelligence and things like indicators of attack, a lot of our competitors are just doing sort of policy misconfigurations and not really – they are not really able to understand if they are under attack or where an attack might be possible. And we’ve applied that indicator of attack knowledge from our endpoints into the cloud. So we feel really good about that. Obviously, everyone is in the early innings in the cloud journey, which is exciting because it’s a greenfield opportunity. And we feel like we have got the right products and the right go-to-market motion around it.
Operator
Thank you. Our next question comes from the line of Joe Gallo from Jefferies. Your question please.
Joe Gallo
Hey guys. Thanks for the question. Just a follow-up to John’s earlier question, no comment on his age, by the way. George, on those extra levels of scrutiny, any incremental context? Were they SMB or enterprise? Any geo-location specifically? And are these deals pure cyber, or are they broader with Humio and other infrastructure aspects? And then, Burt, are you including any extra conservatism in your guidance because of those? Thanks.
George Kurtz
Yes. I think if you look across either geographies or segments, I mean there is nothing that really stands out. It’s really company-dependent and industry-dependent. And again, you would expect an additional level of scrutiny. The beauty is as I called out in the report and the script is the fact the deals that we forecast post close, right? And I think that’s really important when we think about the current macro backdrop. And what we are doing is really, from a sales perspective, make sure we are getting ahead of it, right, through our DVA process, making sure that we have got all of who we need and understand the accounts and who has to sign off because there is additional sign-off that has to happen. So, that’s sort of my commentary on that. I don’t know, Burt, if you want to add to it.
Burt Podbere
Yes. Just on the guide, I mean I think we have stuck to our guns. We guide to what we see, not to what we don’t see. And we took an appropriately pragmatic view on the macro. And that’s how we looked at the guide for this year.
Operator
Thank you. Our next question comes from the line of Ittai Kidron from Oppenheimer. Your question please.
Ittai Kidron
Thank you, guys. Great quarter. A couple for me. George, you haven’t talked about XDR, the XDR Alliance and how is traction moving along there. Maybe you can give us an update. And then for Burt, FX, you haven’t mentioned that at all in the quarter. Can you talk about the impact to your business on FX and how it’s impacting you globally?
George Kurtz
Yes. Perfect. I will start. When we think about XDR, it’s going very well. And in fact, we have got some, I think great announcements at Falcon. So, we talked about that in our script of making sure that people attend that or even our investor event virtually. So, we continue to build out our alliance. We have actually also partnered with AWS in some of the efforts that they have to standardize on open formats, which I think is good for the industry. We continue to add integrations. And again, when you look at our XDR approach, it starts with the best EDR and our ability to add third-party information into our decision-making. So, so far, so good. I think us included as well as the rest of the industry, it’s still an emerging category and there is a lot of marketing hype around it. And we are focused on delivering the best technology outcome for customers and it really extending that experience that we have with our Insight product, which is, in our opinion, the best EDR in the market and extending that to third-party. So, the workflows are similar and we are looking for additional detections that are outside of just the endpoint domain. So, that’s a little bit about XDR.
Burt Podbere
Yes. I will jump in, George, leaning on the FX question. I think there was nothing material or we would have talked about it. We primarily invoice in U.S. dollars, but we do have expenses incurred in currencies out of the U.S. But on the deal side, it goes back to what George has been talking about. It’s the platform play. It’s lowering TCO. It’s all those things that we are able to bring to bear that nobody else can.
Operator
Thank you. Our next question comes from the line of Hamza Fodderwala from Morgan Stanley. Your question please.
Hamza Fodderwala
Hey guys. Thanks for squeezing me in. Just a quick one for Burt. I was wondering if you could give more context on your comments around second half seasonality. I think normally, Q4, generally stronger. Q3, you do see a little bit of lighter seasonality, although you do have the Fed vertical really take off during that quarter. So, can you give us a sense of how the net new ARR patterns should be? Should it be similar to last year, year before that? Just any color you could give us would be really helpful.
Burt Podbere
Sure. Take a step back and just look at the current quarter. We have outperformed our expectations for, really, the full first half of the year. I am really pleased with our strong start to the year with record pipe. We just posted $218 million in net new ARR, and of course, really pleased about that. And we expect to see a seasonal build throughout the year, albeit less pronounced quarter-to-quarter seasonality in comparison to what we have seen in the prior years. So, that’s how I would frame it.
Operator
Thank you. Our next question comes from the line of Shaul Eyal from Cowen. Your question please.
Shaul Eyal
Good afternoon guys. Congrats on the solid performance. George, last quarter, Preempt grew 30% quarter-over-quarter. This quarter, it’s accelerating to 100%. In recent months, we have witnessed an accelerated level of consolidation, specifically within the identity category, paying SailPoint to name a few. How is that impacting Preempt’s business in the context of both displacement and greenfield opportunities?
George Kurtz
Well, a good question, and I will reiterate again as I do I think on every call that we partnered with Ping and Okta and others, right. And our identity product is really specific to the endpoints and active directory in terms of identity threat protection and detection. So, we continue to work with them. And I think when you look at the environment today, there is just a continued demand for having a handle on identity. And we are one piece of it on the endpoints of servers and the direct restructures. And there is other players in the market that handle identity access brokering, etcetera. So, from our standpoint, we, as I reiterated, continue to see very, very strong demand with a very differentiated technology. As you pointed out, 100% quarter-over-quarter growth. New logo attach rate tripled quarter-over-quarter. And the answer is why it gets back to the architecture, the single lightweight agent, very easy for us to activate it, very easy for us to activate it at scale and trials. And a lot of times, what we will see is when there is high threat environments, customers will activate and get immediate value, and then we can convert them over into paying customers. So, again, this is, I think going to be a standout for us, a, in terms of the acquisition we did and also in terms of the integration and our ability to go to market with it.
Operator
Thank you. And our final question for today comes from the line of Gregg Moskowitz from Mizuho. Your question please.
Gregg Moskowitz
Hi. Thank you for taking the question. Congrats on a very good ARR performance. I did want to ask about RPO, which historically has risen by double digits sequentially in Q2 period, although this quarter went up mid-single digits. Were there any changes to average duration? Is this perhaps somewhat reflective of the increased levels of approval that you noted earlier, or is there anything else that you would call out? Thanks.
Burt Podbere
Hey Gregg. Thanks for the question. So, really I think the focus really is on net new. That really – net new ARR, that’s really the one that tells the health of the business as opposed to RPO or as opposed to billings or what have you. And we are excited about the fact that we are going in with a record pipeline. We have just posted the strongest net new ARR quarter in company history. So, I think that when you think about reaching a record $218 million in net new with any outsized deals, you are really showing strong health in the business. And so overall, we are just really pleased with the results. And that’s the metric that we zoom in on. That’s the metric that our whole company is rallying around, and that’s the focus for us.
Operator
Thank you. This does conclude the question-and-answer session of today’s program. I would like to hand the program back to George Kurtz for any further remarks. End of Q&A:
George Kurtz
Great. Thank you. Well, I certainly want to thank all of you for your time today. We appreciate your interest and look forward to seeing you in person at our upcoming Falcon conference and our Investor Day via webcast. Thank you so much. And that concludes the call.
Operator
Thank you, ladies and gentlemen for your participation in today’s conference. This does conclude the program. You may now disconnect. Good day.