CrowdStrike Holdings, Inc. (CRWD) Q2 2025 Earnings Call Transcript
Published at 2024-08-28 20:19:07
Hello, and welcome to CrowdStrike's Fiscal Second Quarter 2025 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, we will conduct a question-and-answer session. Please be advised that today's conference is being recorded. I would now like to hand the call over to Maria Riley, Vice President of Investor Relations. Maria, please go ahead.
Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections, and expected performance, including our outlook for the third quarter and fiscal year 2025, and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time-to-time, including the section titled Risk Factors in the company's Quarterly and Annual Reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George.
I would like to start today's remarks with my apology to everyone impacted by our Channel File 291 Incident, which transpired on July 19. I also want to take this moment to show my gratitude to everyone who worked with us through the incident. Thank you to our customers and partners for your continued trust. Thank you to our team of relentless CrowdStrikers for living our mission. Thank you to the broader cybersecurity and IT community for standing with us as we face the most challenging event in our company history. The magnitude of the July 19 incident will never be lost on me and my commitment is to make sure this never happens again. The days following the incident were among the most challenging in my career because I deeply felt what our customers experienced. Our response to the July 19 incident was immediate, deliberate, and focused. We activated CrowdStrike's crisis response plan to lead through the incident. We clearly communicated status with customers, partners in the market at large on our website, social media, email, phone, and broadcast. Our technical teams devised new automated recovery techniques for accelerated response. Our efforts were 100% focused on bringing impacted devices back online with the highest level of speed and transparency. This included the mobilization of CrowdStrikers in our partner community to communicate proactively and transparently with customers, as well as the market at large, and then recover impacted hosts. For many, recovery was within hours. We've already implemented the following actions to build a more resilient Falcon platform. First, enhanced content visibility and control. While sensor version control was always a cornerstone of the Falcon operational experience, we've already released new content control configurations. This allows customers to choose when and where new Falcon content is deployed with new granular controls. Second, content QA enhancements.
We already shipped an enhanced content validator and content interpreter, two of the components which did not properly function. These components have been refactored to prevent shipping erroneous content and were both made GA earlier in August. And third, external review and validation. We've engaged two independent third-party software security vendors to review the Falcon sensor code and quality control process. This ongoing work focuses on enhancing security and resiliency over the short, medium, and long-term. These three major actions are in addition to an enhanced content release process. Our content release process now mirrors the sensor release regimen. It consists of sample testing, internal lab, and canary systems testing, early access soaking, and lastly a staggered concentric ring deployment in adherence with customer policy settings. The July 19 incident starts a new chapter for CrowdStrike, one focused on ensuring that cybersecurity's best AI platform for SOC operations, protection, visibility, response, and automation is also cybersecurity's most resilient platform. With built-in redundancy modes, new content controls and enhanced safeguards, we've immediately addressed learnings from the incident and will continue to apply and evolve these lessons into our future. Moving to our Q2 results. Our execution following the July 19 incident highlights the resiliency of CrowdStrike's business. Our focus on transparency and accountability continues to inspire trust. Our track record and third-party validation of delivering the industry's best AI-powered protection continues to resonate at scale. As the July 19 incident was in the final two weeks of the quarter when a meaningful portion of our sales typically close, it delayed deals into subsequent quarters. The vast majority of these deals remain in our pipeline. Despite this impact, I'm encouraged by the results we delivered. 
The enduring trust that prospects, customers, and the market have in CrowdStrike is demonstrated by our Q2 performance. Ending ARR of $3.86 billion, growing 32% year-over-year. Q2 net new ARR of $218 million, up 11% year-over-year within our pre-incident stated assumptions. Q2 revenue of $964 million also ahead of our guidance. Record non-GAAP operating income of $227 million, growing 46% year-over-year. GAAP profitability for the sixth consecutive quarter, and free cash flow of $272 million at 28% of revenue with a free cash flow Rule of 60. These financial results illustrate the resilience of our business and our team. Customers, prospects, and partners recognize CrowdStrike's technological leadership and role in serving the market need for ongoing platform consolidation. This is why they continue to choose CrowdStrike. In the 100s of customer interactions I've had since the July 19 incident, organizations of all sizes thematically shared three messages with me. First, necessity to understand the incident, our response, and our actions to ensure it doesn't happen again. Second, acknowledgment of our trust record, gratitude for CrowdStrike safeguarding their organization over the years, and third, steadfast support for CrowdStrike continuing to be cybersecurity's innovation leader and their consolidation partner of choice. The breadth and depth of the Falcon platform spans 28 modules that revolutionize cybersecurity, stopping breaches for tomorrow's AI-powered SOC, covering cloud security, identity protection, device security, data protection, IT automation, and next-generation SIEM, our portfolio is diversified. CrowdStrike is much more than EDR and we appeal to a variety of personas across cybersecurity, IT, digital, risk, and compliance teams. 
Over the past year, our LogScale next-gen SIEM, identity protection, and cloud security businesses each expanded the power and reach of the Falcon platform, each representing resilient growth vectors outside of what was once considered our market back when I started the company. In Q2, our LogScale next-gen SIEM, Identity protection, and cloud security hyper growth businesses together surpassed $1 billion in ending ARR and grew more than 85% year-over-year. These results reaffirm our continued and increasing investment in innovation, ushering in the next chapter of the Falcon platform. Let me provide a few examples showcasing how these products are disrupting their respective markets. Importantly, each of these customer wins was closed after the July 19 incident began. I'll start with Falcon Cloud Security, the industry's only integrated CSPM, ASPM, DSPM, CIEM, CWP agent, and agentless solution. CrowdStrike's Cloud Security business is now more than $515 million in ARR and grew faster than 80% year-over-year. Two noteworthy post-July 19 wins, an eight-figure deal in a major enterprise software firm where Falcon Cloud Security was already running on a part of the environment, replacing another next-gen Cloud Security vendor allowed this customer the opportunity to standardize on Falcon Cloud Security for ease of management across broad distributions and superior cloud security protection. Next, a nine-figure Falcon Cloud Security purchase across a million hosts in a large enterprise for their production environment. Falcon Cloud Security's leading protection, visibility, and operational scoring in their evaluation placed CrowdStrike ahead of other cloud security products. Falcon Identity Protection continues to set the industry standard in the identity threat detection and response space. As of Q2, identity ending ARR surpassed $350 million, growing over 70% year-over-year. We pioneered this category and it's a key differentiator in our XDR value proposition.
Now let's move to the LogScale next-gen SIEM business, which is greater than $220 million in ARR and grew more than 140% year-over-year. The SIEM market continues to be in a state of renaissance where organizations of all sizes are drafting their next chapter of security and IT data management. Our LogScale next-gen SIEM momentum showcases CrowdStrike's ability to displace legacy SIEMs at scale and capitalize on market demand for AI-powered SOC operations. Two exciting post-July 19 wins include an eight-figure win in which LogScale next-gen SIEM replaced two legacy SIEMs. This customer was already a large CrowdStrike customer and the ability to store, visualize, and action large amounts of first-party CrowdStrike data natively in the platform significantly lower cost by more than 60% while increasing functionality. Ingesting third-party data into the Falcon platform is not only more cost-effective, but also differentiated in our incident workbench, which brings novel visibility and AI-powered response to the hands of every SOC analyst. What once took two Legacy SIEMs is now natively in Falcon. And finally, a leading generative AI company that started using LogScale next-gen SIEM over a year ago standardized on the technology and a seven-figure win. Winning the totality of their SIEM business as well as observability use cases was a function of LogScale next-gen SIEM search speed, the native nature of Falcon data coupled with third-party data, and response actions and improved TCO relative to their legacy SIEM. I'm reassured by customers' and prospects' feedback, wanting to do more with CrowdStrike post-incident as evidenced by multiple seven and eight figure platform expansions with most opting for multi-year deals. Eliminating complexity is a key component of achieving resilience and we see the Falcon platform continuing to help solve a wide range of customer problems, simplifying cyber security, and most importantly, stopping breaches. 
Our partner first go-to-market continues to deliver at scale, connecting our technology platform with new and existing customers. CrowdStrike's preeminent partner position as a top security vendor by business size and number of transactions serves as a competitive moat. In Q2, 66% of our new logo business was sourced by our partners, showcasing our best-in-class partner go-to-market. In Q2, our Systems Integrator business grew over 100% year-over-year, highlighting Falcon as an industry driver in delivering multi-disciplinary cybersecurity transformation. Our partners were instrumental in helping customers recover with noteworthy engagement from Accenture, KPMG, and EY among a dozen others. Our strategic alignment and deep partnership extend our reach. In this vein, global system integrators are increasingly becoming a central part of our partner strategy as the Falcon Flex subscription model highly resonates with the transformative nature of GSI engagements. We unite and align our entire partner ecosystem with our use of cloud marketplaces in CrowdStrike's go-to-market. We've demonstrated the success and results of this strategy with AWS, helping customers not only secure their AWS cloud services, but also procure CrowdStrike for the full range of their cybersecurity needs. Now two quarters into our expanded relationship with Google, CrowdStrike is the fastest-growing cybersecurity vendor on the Google Cloud marketplace this year. Customers of all sizes are increasingly looking to utilize their committed hyperscaler spend, adding an additional layer of resilience to our go-to-market. Aligning our entire ecosystem from reseller to systems integrator, MSSPs to distributors makes CrowdStrike cybersecurity's partner of choice, with CrowdStrike, the entire ecosystem wins together.
Our resilient business platform and go-to-market position CrowdStrike to execute on our unchanged vision and mission, whether on July 18 or today, on August 28, our TAM and market opportunity remain unchanged. This is because, first, the need for cybersecurity simplification. Organizations of all sizes remain eager to simplify, consolidate, and rationalize their cybersecurity product lineups. Streamlining operational processes goes hand-in-hand with SOC transformation with the goal of faster, more effective cybersecurity delivered at lower cost. Decreasing TCO and increasing efficiencies through AI and automation are clearly voiced organizational priorities and will be for years to come. Second, adversary proliferation and threat landscape acceleration. Released in our annual threat report several weeks ago, CrowdStrike's analyst and industry lauded threat intelligence is in a class of its own, now tracking over 245 adversary groups. In the past year, our threat intelligence teams uncovered threat actors applying to and actively working for more than 100 unique companies. The realities of the threat landscape necessitate effective cyber protection and that is only intensifying. In the face of universally accepted market needs in adversary realities, the resounding feedback I hear from customers is that CrowdStrike is their number one and most effective cybersecurity control. This is not only because of product performance and efficacy, but also because of the organizational process and orchestration built on and around Falcon. With greater than seven modules on average deployed in organization spending $100,000 or more per year, the Falcon platform is firmly rooted with replacement requiring a multi-vendor costly and time-consuming process, abandoning the protection and TCO benefits of a single platform consolidation. 
Our best-in-class module adoption, supercharged by Charlotte AI, our generative AI SOC analyst, makes the Falcon platform sticky for all users as well as the data foundation of the SOC. This is why we continue aggressively investing in innovation to advance our track record of revolutionizing cybersecurity. This is why customers are looking to not only stay with us but also expand their Falcon platform adoption. This is why our upcoming annual customer and industry conference, Falcon, is what I refer to as our largest selling event of the year. It is already an overflow with more than 5,000 security and IT executives and more than 95 sponsoring partners. Our unchanged vision and mission propels us to become an even better, even more resilient, and even more customer obsessed CrowdStrike. In working with customers post-incident, we quickly mobilized around customer loyalty. We took inspiration from our Falcon Flex subscription program, a licensing model that's been rapidly gaining traction across all of our customer segments. In the year since we built the Falcon Flex program, the customers who have subscribed to this new licensing model represent over $700 million in total deal value. Flex supercharges platform adoption, making it easier and faster for organizations to displace other technologies through flexibility, turning on and moving between modules without procurement and legal friction. Customers love the flexibility as it makes it easy-to-use more Falcon. In Falcon Flex, we also found a simple and effective mechanism to drive retention by offering compelling customer commitment packages. Our customer commitment package takes traditional module-by-module licensing into our Falcon Flex model, where customers can use any and all modules they wish at compelling economic values. 
Depending on need, the customer commitment package encompasses discounting, module adds, professional services, flexible payment terms, as well as adding duration to a customer subscription. Our best-in-class module adoption is differentiating and leading indicator of CrowdStrike customers' behavior. And post-incident, our customer commitment package will drive even more Falcon utilization and platform value realization in both the short and long-term. Customers see this as an immediate win to realize maximum and differentiated value from the Falcon platform. It is also a long-term win for CrowdStrike, cementing us as the organization of cybersecurity platform of record. Customer feedback has been extremely positive because we're proactive in our approach and customers benefit because they get what they want more Falcon. The blueprint for our customer commitment packages were Falcon Flex deals like this Fortune 500 insurance firm that I referenced before in the next-gen SIEM discussion. This customer has been with us for five years building over time from endpoint to identity. They had aspirations of consolidation and saw CrowdStrike as a platform where they could achieve their protection, automation, and economic objectives. In the midst of this deal discussion, the incident happened. We work with them on a rapid recovery. Our trust record and value from the platform over time stood out. Through Falcon Flex, this customer accelerated consolidation. They contracted for every Falcon module displacing seven technologies. And through the AWS marketplace, their spend with CrowdStrike will grow from $2.2 million in ARR to more than $5 million in ARR over the subscription. Falcon Flex grew platform adoption through the subscription term and increased ARR over the multiyear period. Our customer commitment package will grow Falcon adoption, increasing platform stickiness, ROI, and protection levels.
Customer commitment packages are a proactive and concerted investment we're making to build long-term loyalty and seed long-term platform adoption. In closing, the past few weeks have been some of the most formative for CrowdStrike. Beyond apologies, I want our actions to speak even louder than our words. We work to recover customers quickly, no matter the location or need, we focused on helping customers. Challenging and unprecedented moments like these are the true tests of companies, teams, and individuals. Our response has shown me that the golden rule I have led CrowdStrike with since day one, put the customer first always, isn't just alive and well, it's thriving. Cybersecurity's mission critical role in today's digital society is undeniable. CrowdStrike's contribution to cybersecurity, bringing cybersecurity to the cloud, bringing AI to cybersecurity has profoundly redefined the industry, and we will continue to do so. We continue to invest in growth and innovation as well as safeguards to build cybersecurity's most resilient AI-powered platform. The mission of We Stop Breaches rings just as true today as it did prior to July 19. The most important part of CrowdStrike is the crowd, the people. Working at CrowdStrike isn't a job, it's a mission. The fight, the creativity, and the will to make the world a safer place by stopping breaches is here. Our mission is alive and well, and I know that CrowdStrike's very best days are ahead of us. Thank you for your unwavering trust. And now, I'll turn the call over to our CFO, Burt Podbere.
Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. In today's discussion, I will briefly summarize our second quarter financial results and provide our assumptions and investment priorities for the second half of the fiscal year. The strength of our second quarter results, we believe demonstrates our resilience, focused execution, commitment to financial discipline, and the long-term durability of our business. Despite the challenges of the last couple of weeks of the quarter, we delivered better-than-expected revenue, operating profit, and net income. In Q2, ending ARR grew 32% year-over-year to $3.86 billion, of which $218 million was net new added in the quarter, up 11% over Q2 of last year, and within our previously stated assumptions for the quarter. In Q2, we achieved our second largest quarter of all time for net new customer additions, expansion business, and net new ARR contribution from cloud, identity, and LogScale combined. Prior to July 19, we are on pace to deliver net new ARR growth well ahead of these results. The July 19 incident had a significant impact on the last two weeks of the quarter, as we rapidly mobilized teams to assist customers, but we continued to close deals, including a nine-figure in deal value expansion. While deals can push in any given quarter, this quarter we experienced elevated levels with more than $60 million in deals that we had line of sight for the quarter and remain open as of Monday. We expect these deals to close in future quarters. Our retention metrics and module adoption metrics remained strong in Q2, highlighting our deep partnership with customers and the significant value the Falcon platform delivers. Our dollar based gross and net retention rates were consistent with our expectations for the quarter. 
Subscription customers with five, six, and seven or more modules represented 65%, 45%, and 29% of subscription customers respectively. Notably, deals with eight or more modules grew by 66% over the prior year, and 48% of all customers with $100,000 or more in ending ARR, adopted at least eight modules, an increase of more than 10 percentage points over the prior year. Moving to the P&L. Total revenue grew 32% over Q2 of last year to reach $963.9 million, ahead of our expectations for the quarter. Subscription revenue grew 33% over Q2 of last year to reach $918.3 million. Professional services revenue was $45.6 million, representing 10% year-over-year growth. The sequential decrease in professional services revenue was primarily attributed to deploying complementary remediation services to help customers impacted by the July 19 incident. Record total gross margin of 78% increased by approximately 80 basis points year-over-year. Record subscription gross margin of 81% increased approximately 90 basis points over the prior year. Total non-GAAP operating expenses in the second quarter were $529.1 million or 55% of revenue, compared to 56% of revenue in the prior year. Consistent with our plan, we increased the pace of hiring, primarily in the areas of sales and marketing and R&D, growing total headcount by 22% year-over-year. In the second quarter, non-GAAP operating income grew 46% year-over-year to reach $226.8 million, and operating margin increased by more than 2 percentage points year-over-year to reach 24%. We delivered GAAP net income attributable to CrowdStrike of $47.0 million, growing more than 5x over Q2 of last year. Non-GAAP net income attributable to CrowdStrike grew 45% to reach $260.8 million or $1.04 on a diluted per share basis. Cash and cash equivalents grew to $4.04 billion. Free cash flow grew 44% over Q2 of last year to reach $272.2 million or 28% of revenue, in line with our expectations. And we delivered a Rule of 60 on a free cash flow basis. 
In regards to the impact of potential legal exposure related to the July 19 incident, I would like to note the following. The outcome of litigation is inherently difficult to predict, particularly in the early stages, and it is still too early for us to estimate any potential legal exposure we may have at this time. Our customer agreements contain provisions limiting our liability, and we maintain insurance policies intended to mitigate the potential impact of certain claims and have a strong cash position. We continue to work hand-in-hand with our customers to ensure their success and are well-positioned to continue investing in the business for long-term growth. Turning to our outlook, taking care of our customers has always been and will continue to be our number one priority. We believe this focus and commitment will benefit us and them over the long-term. Customer retention remains remarkably strong and we do not expect this to meaningfully change in the foreseeable future. Gross retention was 98% at the end of Q2 and dollar-based churn in the last five weeks as of Friday, was modestly lower than the same period last year. However, visibility into the back half of the year is less than typical. We expect the following factors to impact our near-term results. First, we delayed the vast majority of outbound pipeline generation activities for a few weeks following the July 19 incident. Outbound prospecting has since fully resumed and is rising to pre-incident levels of responses. Second, we expect to see extended sales cycles for both new and existing customers, with additional scrutiny requiring higher levels of approval at the CEO and in some cases, Board of Directors level. Third, as George mentioned, through our customer commitment packages, we are encouraging customers to commit to more of the Falcon platform for longer periods of time. 
We are focused on making sure these commitments to the Falcon platform are one of the best decisions that IT and security teams make. As reflected in our revenue guidance, in the short-term, we expect our commitment packages will result in temporarily muted upsell dollar values and temporarily higher than typical levels of contraction due to elongated subscription terms. We estimate these packages will impact net new ARR and subscription revenue by approximately $60 million and professional service revenue by high-single digit million dollars in the back half of FY ‘25. In the long-term, we expect our customer commitment packages will ultimately lead to higher platform and module adoption and deeper partnerships with customers. And fourth, specific to free cash flow, we expect to have increased flexible payment terms for our customers and we will incur additional G&A costs associated with the July 19 incident. At this point in time, we are not providing a free cash flow margin expectation for the full year. We will maintain our long-standing focus on financial discipline and the bottom line with our attention squarely on the highest and best use of every dollar. As reflected in our guidance for the remainder of the year, while we will shift some planned investment from sales and marketing to further R&D, quality assurance, and customer support, we are continuing to invest in our FY 2025 plan for the remainder of the year at this point in time. This will enable us to remain focused on our customers, protect the world against cyber threats, and stay on track with our long-term investment and growth priorities. We expect these headwinds to remain in varying degrees for about a year with acceleration starting in the back half of next year. From the longer-term perspective, we expect to see operating margin improvement on an annual basis in FY ‘26. 
Additionally, we remain committed to reaching $10 billion in ending ARR by the end of fiscal year 2031 and achieving our target non-GAAP operating model on an annual basis by fiscal year 2029. I will provide a detailed update of our long-term model and FY ‘26 outlook after the conclusion of fiscal year 2025. Moving to our guidance. For the third quarter of FY ‘25, we expect total revenue to be in the range of $979.2 million to $984.7 million, reflecting a year-over-year growth rate of 25%. This includes an estimated $30 million impact from the customer commitment package we discussed earlier. We expect non-GAAP income from operations to be in the range of $166.7 million to $170.8 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $201.2 million to $205.2 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.80 to $0.81, utilizing a weighted average share count of approximately 252 million shares on a diluted basis. For the full fiscal year 2025, we currently expect total revenue to be in the range of $3,890.0 million to $3,902.2 million, reflecting a growth rate of 27% to 28% over the prior fiscal year. This includes an estimated $60 million impact from the customer commitment package we discussed earlier. Non-GAAP income from operations is expected to be between $774.7 million and $783.9 million. We expect fiscal 2025 non-GAAP net income attributable to CrowdStrike to be between $908.8 million and $918.0 million. Utilizing approximately 252 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $3.61 to $3.65. As George mentioned, Falcon 2024 is going to be our biggest customer event yet. The investor briefing will be held on September 18 and will feature conversations with customers and partners. To join Falcon in person, please contact our IR team for the registration information. 
The briefing will also be webcast live on our IR website. We look forward to seeing many of you there. George, and I will now take your questions.
Thank you. [Operator Instructions] Our first question comes from Hamza Fodderwala at Morgan Stanley. Unmute your line and ask your question.
Great. Thank you for taking my question, and congrats on the strong results. I wanted to commend you, George, Mike (ph), and the entire CrowdStrike team for your response and transparency since the outage event. So there's been a lot of talk, George, around whether Microsoft or customers perhaps may want to limit kernel access for future updates. I'm curious, in response to this outage, whether or not CrowdStrike will have to rearchitect their approach to the Falcon agent. And if so, would that be a meaningful undertaking that might push you away from the future innovation roadmap? Thank you.
Thank you, Hamza. Yeah. Let me try to -- let me just try to take you through this with a little bit of detail. So despite a lot of the false narratives and misinformation from our competitors, I want to be clear that this was not a kernel update, this was a code update -- it was not a code update, it was a configuration update, and we already covered the remediation in our prior remarks. When we think about the architecture of what we've built and rearchitecting it, I've got to set the record straight on that as well. We have best-in-class architecture and we lead the industry for a reason. We have greater efficacy, greater manageability, and greater scalability than our competitors, and I just want to give you an example of that. If you look at the latest MITRE (ph) results, Falcon had 98% coverage, our next-gen competitor had 79% coverage. It took Falcon 4 minutes for mean time to detection. It took our competitor 47 minutes. And the list goes on and on. If we think about the architecture as well, we have a very lightweight agent, requires 100 megs of storage, our competitor, as a heavy agent requires 3 gigabytes of storage in the Windows environment. So we didn't become number one in the market by having a poor architecture. We became number one by having a great architecture. We talked about what we've changed here in terms of our configuration updates and we feel confident about that going forward, and our customers feel confident about that. So we'll continue to work with Microsoft as part of the ecosystem as they look to provide further enhancements around kernel access, but just to be clear, there are thousands of software kernel drivers that are out there that go well beyond security, like VPN, virtualization software, IT management software, backup software and a lot more. 
So we are one part of the ecosystem, and we're certainly a player that's going to help and work with Microsoft as they think about adding other mechanisms to allow the ecosystem to flourish.
Our next question comes from Brian Essex with JP Morgan. Please unmute your line and ask your question.
Great. Good afternoon, and thank you for taking the question. Congratulations from me on; one, a fantastic response to the incident; and then two, execution on the back of that is impressive. I guess, George, for me, obviously, you've got peers out there talking about benefiting their pipeline, we still have to see that in their numbers, but from your perspective, we'd love to get some insight into what you're seeing from the pipeline. Obviously, you've called out the $60 million in deals that kind of pushed into 3Q, but from a competitive perspective, what are you seeing in terms of the number of peers that are invited into the process, maybe a little color around the conversations that you're having at the C level that are leading to some of those extended sales cycles, that would be really helpful to get that insight?
Sure. Obviously, there's a lot of noise in the marketplace and we can only control what we can control, and I think the best way for me to articulate that is to just recount some of the conversations. I had two customer calls this morning and most of them start out the same. They talk about our response, how transparent we were, and how we dealt with the problem. We talked about some of the mitigating steps that we've taken and it generally ends with we want to do more with CrowdStrike. I had one this morning, which was a customer that had an impact, we talked through it. They were satisfied with the controls we put in place, and in fact, on the call, they basically said we won the next-gen SIEM project they had, which we won against another next-gen SIEM competitor. So this is what we're seeing. And again, I'm recounting my calls and many, many of them sort of starting in the same way. So that gives me encouragement again that we've built a lot of trust with our customers over time and we put a lot of trust in the bank. Yes, we had an issue on July 19. We've been very clear about that and very transparent, but consistently, the calls have been, you have saved us way more times than this incident and we are all in on CrowdStrike and we're all in, for all the reasons we've talked about in the past, the consolidation play, the ability to save time, money, get better outcomes, and take four, five, six, and seven products and move them to the Falcon platform. That hasn't changed before the 19th of July and hasn't changed after the 19th of July and this is what customers are coming back to us with.
The next question comes from Saket Kalia with Barclays. Please unmute your line and ask your question.
Okay. Great. Can you hear me? Hey, George. Can you hear me?
Yes. We can hear you. Go ahead.
Okay. Sorry about that. Awesome, sorry about that guys. Thanks a ton for taking my question and offer my congrats as well just on the resilience here in the face of a very tough couple of weeks. George, maybe my question is for you. I'd love to just touch on Falcon Flex a little bit. This was something that you were investing in before the outage as well, but it sounds like it's something that can also be helpful for customers to maybe drive better security outcomes as well. Can you just maybe touch on that and how it's maybe helping that conversation post-outage?
Sure. Well, when we think about Falcon Flex, this was born out of demand from our customers. If you look at our module attach rates, which we've gone through again many times in the past and they continue to go up as customers rely more and more on CrowdStrike, they came to us and said, hey, we want an easier and more flexible way to consume your Falcon platform. When you start with one module, when I started the company and you're at 28 days is a lot that you have to go through with a customer, and we wanted to meet customers where they wanted us to be, which is more CrowdStrike, make it easier through procurement cycles, and then ultimately allow them to consume it how and when they wanted to consume it. So we started down this journey a while back and it continues to gain a lot of traction with our customers. We've taken this and you heard this in my prepared remarks, and we are able now through our customer commitment package to be able to offer Falcon Flex. And again, some of the things that we went through, whether it's modules or time or what have you, we can allow our customers to be able to consume that as part of the customer commitment package. And we think overall, it's great for our customers because we're coming to the table and solving business problems. And also, it's great for CrowdStrike long-term because we're allowing them a very flexible model to continue to consume CrowdStrike, which they know and love.
Our next question comes from Tal Liani with Bank of America. Please unmute your line and ask your question.
Here we go. Now you can hear me. Last night there was one of your competitors that said that customers would be more afraid now to buy -- to put all the eggs in one basket, meaning buy more modules from a single vendor and they'll opt for diversification of customers -- sorry, vendors. And for you, at least in previous quarters, I didn't calculate this quarter, but about two-thirds of your growth came from upsell to existing customers, and the question is whether you have any evidence if the event changed the appetite of customers to buy from a single vendor -- to buy from you specifically? Have you seen any change of customers willing to buy up -- your ability to upsell to them, the other modules, etc.? And there is just -- I know it's one question, but there's just one thing that is a follow-up on something, Burt, the full year EPS guidance translates into a very big 4Q EPS, if you can somehow go over it to make sure that we have the right numbers. Thanks.
Okay, Tal. Let me take the first part. So when we think about more modules, it gets back to what I just went through, customers want to do more with us. Obviously, we talk about what happened, and it's not going to happen again, but they want to buy more from us. And again, customers' comments back to me are, they don't want to go backwards. They don't want a bunch of disparate products. They don't want a bunch of different consoles. And they specifically told me that the adversary lives in the gaps between products, in the seams between products. So what they're looking for is the ability to cover more of their estate, right, to have a complete view. And when you look at next-gen SIEM, it allows us to take telemetry and logs in from other systems beyond the first-party data that CrowdStrike is generating. So I would say, the long and the short of that is customers don't want to go backwards and have a patchwork of products. They are still focused on the consolidation piece and they're looking at us as one of the key consolidators in the market.
Yeah. So on your question with respect to EPS, as we thought about the impacts to non-GAAP operating income, we talked about the -- some of the headwinds that we had, mostly driven from revenue side of the house, and we tried to be consistent in the way that we approached the guide on both Q3 and full year. So that's how we thought about it when we gave our guidance.
The next question comes from Joel Fishbein with Truist. Please unmute your line and ask your question.
Thanks for taking my question and also really great transparency, George and Burt. Thank you very much. My question is on guidance methodology. Burt, can you just go through a little bit of how you came up with the guide for the back half of the year considering all the moving pieces? And I guess the question, how it changed relative to how you've done your guidance before, that would be really helpful. Thank you.
Sure. On the revenue side, the biggest impact comes from the customer commitment package that George walked through. So that's the one that's going to drive the biggest impact. And we walked through the numbers in terms of revenue, the impact, we said $60 million in the back half, $30 million in Q3, and $30 million in Q4. So that was the biggest driver on revenue. And then obviously that falls down to non-GAAP operating income. And so we did -- as we thought about it and we thought about how it impacts everything from revenue to EPS, we really took that prudent approach. There has been nothing in terms of big changes in terms of how we guide it, we guide to what we see, not to what we don't see. But again, the biggest impact was the -- how the customer commitment actions impacted both the top and bottom, and they were consistent in how we applied the approach.
Our next question comes from Gabriela Borges with Goldman Sachs. Please unmute your line and ask your question.
Hi. Good afternoon. Thank you. I would love to get a little bit more detail, George and Burt, on the customer commitment packages. And you mentioned a couple of dynamics there alongside duration and concessions, maybe just a little more on how you came up with that $30 million number in 3Q and 4Q, and what are some of the guardrails and how you think about the appropriate amount of duration or discounting or concessions that you want to give a customer to keep them happy and satisfied with the CrowdStrike platform? Thank you.
Thanks, Gabriela. So in terms of how we came about the $60 million in the back half, we'll just focus on the net new ARR. We thought about three things, right? We thought about, hey, we've got -- we talked about the delay in pipeline generation, so that has an impact. We talked about longer sales cycles, that's due to increased scrutiny and that's not just for us, but that's for, I think, most people in software and tech. And then we talked about the muted upsell value. So we took all those things into consideration when we thought about the impact on the customer commitment packages. As far as the packages themselves, you're right, we have different pieces within the package. George outlaid them pretty well. We talked about some of them being discounts. We talked about some of them being duration. Duration has an impact, of course, on net new ARR. But we also talked about product and product will have an impact more on COGS. So that's going to impact the bottom. So we took all those factors together to come up with our guide and that's how we came up with the $60 million.
Our next question comes from Rob Owens with Piper Sandler. Please unmute your line and ask your question.
Yeah, Burt. I guess as a follow-on to that -- thanks for taking my question here. The $60 million through the remainder of this year, but you talked about some of the weakness potentially persisting for a year in terms of net-new ARR. So I know you're not guiding to the out year, but as we kind of contemplate this, should we think about this more on a 12-month basis? And then as the selling of these customer commitment packages starts to anniversary or more normalizing relative to net new ARR growth and relative to maybe where margins were historically? Thanks.
Thanks, Rob. So I think that this type of -- this type of incident has a half-life, right? So there'll be a diminishing impact over time, so Q3 will be harder than Q4. Q4 will be harder than Q1, and so on and so forth. I think the biggest piece for us is that when we get to the back half of next year, we'll start to see an acceleration in the business, and that's the big-picture, and that's what I want everybody to walk away from.
Our next question comes from Matt Hedberg with RBC. Please unmute your line and ask your question.
Thanks for taking my questions. Actually, maybe a little bit of follow-up to Rob's question. I think, Burt, you kind of addressed it, but do you think part of that acceleration is some of these commitments then expanding usage? In other words, what's a bit of a headwind now is part of that broader commitment that just kind of compounds on itself? In other words, is that part of that tailwind that we should think about next year? Is this renewal cycle of these commitments?
Yeah. This is George. So when we think about the consumption of Falcon Flex, typically what we've seen is customers can do more of it faster than they originally anticipate because we're providing value. So when we think about to Burt's comments next year, obviously, be more modules in use and I think we have the ability to go back to those customers and understand what other things we can do for them, including looking at additional flex opportunities based upon what they've been using over the last period of time. Anything to add to that?
Yeah. No, I think it's -- what George had talked about, it's seeding for the future, and I think that starts to take -- start to take play back half of next year.
Our next question comes from Fatima Boolani with Citi. Please unmute your line and ask your question.
Good afternoon. Thank you for taking my questions. I appreciate it. George, and even Burt, please chime in, so on this procurement vehicle, Falcon Flex, clearly, you've seen a tremendous amount of positive data points, you shared them in the script, $700 million deal value created with just one year in the market. I'm wondering if this is now going to be the predominant go-to-market approach for you all in terms of incentivizing broader portfolio adoption. And then related to that, Burt, as we think about extrapolating some of the financial implications in the out years beyond your framed guidance, how should we think about renewal cycles and renewal conversations coming up that you could potentially steer towards these contracts such that you do still get an elongated period of maybe net new ARR growth. Can you help me sort of straddle those two? Thank you.
Yeah. So when we think about Falcon Flex, again, born out of what customers wanted. We've seen tremendous success with it because it opens up the entire product portfolio to our customers. They can pick and choose what modules they want. They can leverage it where they want it as they acquire new companies as an example. It's very easy for them to add new modules or new endpoints or cloud workloads. It minimizes procurement cycles. So it's a great thing for customers, it's a great thing for us, and it is a prime -- one of the primary mechanisms we're using from a go-to-market motion going forward. So it is something that we put in place. We've seen the tremendous results from it, and we'll continue to lead with that into our customer base.
Yeah. So all those things are the things that we're looking for. And as I think about the future in terms of our renewal opportunities, the Flex does offer more ability for the customers to consume more, to take on more, and that just bodes well for our renewal cycles, right? We want them to do that. And so by seeding them now, that's only going to bode better for us in the future and better for the customers more importantly. I think they're going to benefit more and more as, look, we're going to come up with new products, right, and those are going to be available to them. And so that's how we think about the renewals and the new renewal possibilities as we look out into the future.
Our next question comes from Andrew Nowinski with Wells Fargo. Please unmute your line and ask your question.
Okay. Good afternoon. Thank you for taking the question. And I'm sure every organization that was impacted appreciates the transparency and the contrite response you have today. So I wanted to ask about really on the renewal cycle as well. I was wondering if you could just give us any more color around the mix of renewals throughout the year. I would imagine Q4 typically has the most renewals out of all four quarters, but maybe if you could just provide more color on the mix, maybe which quarter do you think there's more risk to a higher mix of renewals in case they don't potentially renew? Thank you.
Thanks, Andy. So two things. So one, there is definitely seasonality, right, in our business and we've talked about it, you've highlighted Q4, that's typically our highest quarter of deals. And I think, second, what I talked about earlier, it's -- this idea of a half-life. The closer you are to the sun, the hotter it is, the more difficult it is in terms of the headwinds. And as you move farther and farther out, you see more relief, so the impact gets less. So if you combine those two things, that's how we would think about the renewal cycle.
Our next question comes from Roger Boyd with UBS. Please unmute your line and ask your question.
Great. Thanks for taking the questions and I will add my congrats on the response and resilience demonstrated over the last month. George, just on the hypergrowth modules, nice to see that group past $100 billion collectively -- $1 billion collectively. It sounded like the timeline, you reiterated the $10 billion ARR target. It sounded like the timeline got pushed towards the longer side of the five to seven-year range you provided before. I would just love to get kind of your view on the durability of growth there. I get there's a lot of uncertainty, but just kind of any view on how you expect it to play out is the right view that you just see this as kind of a one-year speed bump towards those longer-term guidance?
Yeah. I'll start and then I'll turn it over to Burt. When we think about the durability of CrowdStrike, I think we've demonstrated it this quarter. We've had a history of durable growth because we're solving real problems for customers. And when you look at some of the businesses that we talked about, Identity and Cloud and next-gen SIEM, $1 billion is incredible and you look at the growth rate. So we've got multiple vectors of growth for CrowdStrike. We've got a massive TAM opportunity that's only getting bigger. And we always at CrowdStrike have and will continue to take a long-term view of the market. So we're going to deal with this in the short-term, and then obviously, I think this sets us up well for the future. Burt?
Yeah. So, Roger, the key here is that we remain committed to reaching the $10 billion in ARR by the end of 2031. I mean that's the -- that was part of the range that we gave out in prior periods and we're still committed to it.
Our next question comes from Joseph Gallo with Jefferies. Please unmute your line and ask your question.
Hey, guys. Thanks for the question. Can you just update us on the federal momentum? You're entering their biggest quarter, and how should we think about that business? Does the IT outage slow momentum there given they're typically pretty conservative? Thanks.
Sure. Well, Q3 obviously is the federal quarter. I think we've got good momentum. We've done, I think, well with the sister relationship that we have. And as many things in the federal space, it takes time and we continue to build momentum and win deals in those categories, and not only federal, but we think about state and local, incredibly strong across-the-board, and we're just talking about the U.S., right? We do this for the rest of the world. So we like our opportunity there. Those are always long-term opportunities, but we're certainly encouraged in terms of the success that we've had so far.
Our next question comes from Gregg Moskowitz with Mizuho. Please unmute your line and ask your question.
Okay. Thank you for taking the question and also well done in terms of transparency. I had a clarification just on the customer commitment packages and CrowdStrike's future expansion strategy. Is part of the plan effectively giving away modules to existing customers for upwards of the year? In other words, when you speak about an expectation of muted upsell dollar values and temporarily higher levels of contraction, is this part of the seeding strategy that you're referring to?
I'll start with -- we always want to do the right thing for the customer, and customers -- we're solving business problems and they like our technology, they love our technology, right? So when we think about the opportunity to drive greater platform adoption, certainly that should be added into the conversation. And what we've seen over time and we've built a history of greater module adoption, you can see that since you've been tracking us from our IPO. So from that standpoint, we do think the long-term opportunity proves well for CrowdStrike, and having customers use more modules is always a good thing, and that's what we're focused on.
Thank you. This concludes today's question-and-answer session. I would now like to turn the call back over to George Kurtz for closing remarks.
So thank you all for your time today. We appreciate your continued support and look forward to seeing you at our upcoming investor event at Falcon. Thank you.