CrowdStrike Holdings, Inc. (NASDAQ:CRWD) Q2 2020 Results Earnings Conference Call September 5, 2019 5:00 PM ET
Maria Riley - Senior Director of Investor Relations
George Kurtz - President, Co-Founder and CEO
Burt Podbere - CFO
Conference Call Participants
Heather Bellini - Goldman Sachs
Sterling Auty - JPMorgan
Saket Kalia - Barclays
John DiFucci - Jefferies
Matt Hedberg - RBC Capital Markets
Gur Talpaz - Stifel
Sarah Hindlian - Macquarie
Andrew Nowinski - Piper Jaffray
Erik Suppiger - JMP Securities
Gregg Moskowitz - Mizuho Securities
Alex Henderson - Needham
Shaul Eyal - Oppenheimer
Good day, ladies and gentlemen, and welcome to the CrowdStrike's Fiscal Second Quarter 2020 Results Conference Call. At this time, all participants are in a listen-only mode. [Operator Instructions] Later, we will conduct a question-and-answer session. [Operator Instructions] As a reminder, today's conference may be recorded.
I would now like to introduce your host for today's conference, Ms. Maria Riley, Senior Director of Investor Relations. Ma'am, please go ahead.
Good afternoon and thank you for your participation today. With me on the call are George Kurtz, President, Chief Executive Officer and co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer.
Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, and expected performance, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call.
While we believe any forward-looking statements we have made are reasonable, actual results could differ materially because the statements are based on our current expectations, and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise.
Further information on these and other factors that could affect the Company's financial results is included in the filings we make with the SEC from time-to-time, including the section titled Risk Factors in the Company's Form S-1, previously filed with the SEC.
Also, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today.
Now, I will turn over the call to George to begin.
Thank you, Maria, and thank you all for joining us today. We delivered a strong second quarter with rapid subscription revenue growth and record net new ARR generated in the quarter. Year-over-year, we achieved 104% ARR growth, 98% subscription revenue growth, and 94% total revenue growth which was above the high end of our guidance.
We also continued to expand our subscription gross margin and operating leverage. We believe these strong results demonstrate our growing leadership in the security cloud category, which we estimate the global market opportunity to be $24.6 billion in 2019 and growing to over $29 billion in 2021.
Burt will discuss the details of our Q2 financial performance in a few moments, but first I will provide a quick update on the progress we made over the past few months in this large and growing market. CrowdStrike stops breaches and we are transforming endpoint security. Our clear technology differentiation is driving our growth which continues to significantly outpace the industry.
In addition to stopping breaches, we help customers simplify their security stack with our single-agent architecture and cloud modules. This sets us apart from others in the security industry and a growing number of organizations around the world recognize the power of CrowdStrike's cloud-native Falcon platform.
To measure our success executing on our platform strategy, we look at the percentage of all subscription customers that have adopted four or more cloud modules. This percentage rapidly grew to 30% by the end of fiscal 2018 and then to 47% by the end of fiscal 2019. I'm pleased to announce that in Q2, we reached a new milestone with 50% of our subscription customers having adopted four or more cloud modules. The strength of CrowdStrike's Falcon platform is also rapidly gaining industry recognition.
As we recently announced, CrowdStrike was positioned as a leader in Gartner's Magic Quadrant for Endpoint Protection Platforms. This report evaluates vendors based upon completeness of vision and their ability to execute. Of all EPP vendors, CrowdStrike was positioned furthest to the right for completeness of vision. We believe CrowdStrike's placement in the Leaders Quadrant validates that our single agent architecture, proprietary Threat Graph database, and cloud modules represent the standard in securing the growing workloads of today and the future.
In placing CrowdStrike as a leader, Gartner also cited our extensible platform and the CrowdStrike store, the first and only unified security cloud ecosystem of trusted third-party applications. To help foster innovation within the CrowdStrike store ecosystem, we have established the Falcon Fund in partnership with Accel. CrowdStrike Falcon's cloud-native open API architecture was built to provide a shared security ecosystem where developers and partners could dramatically shape the future of security in IT operations.
Through the CrowdStrike store, third-party applications can be developed utilizing the massive amounts of endpoint data that our lightweight agent already collects. The Falcon Fund will invest in the next generation of innovators who are leveraging the Falcon platform to solve the most pressing security and IT challenges. We believe our rapid revenue growth at scale and customer acquisition also demonstrate the power of our true cloud-native platform to stop breaches.
In Q2, we once again saw an acceleration in customer growth with a record 730 net new subscription customers in the quarter, bringing our customer count to 3,789. By unlocking the power of crowdsourced data, our solution gets smarter the more data it consumes. Each new customer endpoint or workload joining our crowdsourced network increases our effectiveness, intelligence, and competitive advantage.
To further highlight our differentiation, initial adoption drivers of the Falcon platform and our ability to leverage a low-friction, high velocity sales model, I will take a moment to share the success we are seeing with our partners and customers.
First on the partner front. As you know, we entered into a partnership with Dell and SecureWorks earlier this year. We were chosen by Dell and SecureWorks over the competition in order to advance the industry's most secure commercial PC by offering leading endpoint protection technology from CrowdStrike. We along with Dell and SecureWorks continue to invest in this partnership and initial customer response has been positive.
We are excited by the potential opportunities of this partnership, but it's still early days and only represents a small portion of our ARR. As with most partner and reseller relationships, we believe that the customer's choice will ultimately drive the success of the partnership. Given our leading position in the Gartner Magic Quadrant and growing customer momentum, we are confident that customers will choose CrowdStrike.
At CrowdStrike stopping breaches extends beyond the endpoint and includes securing a wider array of workloads including desktops, servers, mobile devices, virtualized and cloud environments, IoT devices and containers. These workloads need to be protected, and they are growing with every new connected device and every new cloud instance. An increasing number of enterprise customers are migrating to the cloud and modernizing their applications.
We have made several strategic investments in our collaboration with AWS, including making our products available on the AWS Marketplace increasing our engagement with the AWS Partner Network and integrating with core security services such as Amazon GuardDuty and AWS Security Hub.
Over the past six months, CrowdStrike has seen a significant increase in the volume of transactions through the AWS Marketplace, in the co-selling opportunities with AWS sales team and the adoption of our AWS service integrations. Through the marketplace, AWS is selling CrowdStrike to secure their customers’ cloud workloads as well as endpoints that reside on the customers’ corporate network.
I would now like to spend a few minutes talking about some of the reasons why we win with customers across diverse verticals and geographies regardless of size. Customers choose CrowdStrike because of our cloud scale AI, our proven efficacy, and our extensible platform. We also win because of our immediate time to value.
The first customer story highlights our ability to rapidly deploy our solution at scale. Unlike most of our competitors, our cloud-native solution is rapidly deployable because our lightweight agent is designed to be automatically installed and operational on an endpoint in less than 30 seconds without requiring a reboot and of course without requiring hardware. This is a key factor for customers that want to adopt a new solution rapidly without rebooting their entire business.
Take the example from this quarter of a leading beverage company headquartered in Europe that was looking for solution to provide full visibility on their endpoints and that would ultimately replace their antivirus vendor. In this competitive win, CrowdStrike Falcon was tested against an incumbent and other vendors. This new customer was blown away by the ease and speed of CrowdStrike's deployment and efficacy. They were able to turn on tens of thousands of endpoints without a single helpdesk ticket, leading them to standardize globally on the Falcon platform.
One month after purchasing our AI-based Falcon Prevent for Next-Generation AV, Insight for EDR and Discover for IT Hygiene, they added Spotlight, our vulnerability management solution to their Falcon platform subscription allowing them to leverage the CrowdStrike agent and data already in place to provide scanless [ph] real-time visibility into vulnerabilities. CrowdStrike's in EPP [ph] trial which allows customers to try new modules with their own data is a key driver of our frictionless cross-sell go-to-market strategy.
The second customer story I will share with you is with a global transportation network where we displaced the NexGen vendor. This organization had several of the common complaints we often hear from prospects; one, a growing concern of advanced persistent threats; two, a lack of efficacy by the incumbent; and three, poor endpoint performance due to agent bloat. Engagement with the customer focused on the performance teams via CrowdStrike's cloud-native single agent architecture and the business value of the CrowdStrike platform. This ultimately led to a large deal for NexGen AV, EDR, device control, and our threat hunting module OverWatch.
In Q2 we also expanded our engagement with a major U.S. airline. This customer had multiple toolsets on the endpoint including whitelisting and a legacy antivirus which caused complexity and agent bloat. These tools hindered their ability to build a definitive incident response workflow and limited their ability to respond to attacks. During the POC, the whitelisting incumbent put forward their cloud-based EPP offering which failed the technical evaluation.
This incumbent was not selected because it was proven to be immature, ineffective, and negatively impacted the performance of their endpoints. This customer now subscribes to five CrowdStrike cloud modules across endpoint security, security in IT operations, and threat intelligence. CrowdStrike is helping protect this customer from breaches while significantly streamlining their security stack with our single agent architecture.
And the final customer story I will share with you this quarter demonstrates our free trial is a driving adoption of our platform by removing friction from the sales process and creating a high velocity sales model. An organization based in Asia was using the signature-based AV product embedded in their operating system and was looking to enhance their security with a full EPP solution which is capable of preventing Ransomeware.
Starting with our free trial this company explored the CrowdStrike Falcon platform. Impressed with the solution, the prospect engaged with our sales team and quickly became interested in and purchased our Falcon complete offering as a way to add both a true endpoint protection solution as well as a dedicated security team. From trial to close that deal took only three weeks.
Overall, the message from our customers that resonates loud and clear is that our platform is clearly unique and differentiated in the marketplace, as no other competitor is able to effectively stop breaches, reduce cost and complexity, and restore endpoint performance like CrowdStrike Falcon.
Before I hand it over to Burt, I'd like to discuss our view of the consolidation in the endpoint security market that has occurred over the past few quarters. We have seen three of the larger NexGen endpoint players and the largest legacy endpoint security company decide to sell their business. These companies either originated as on-premise solutions or had an on-premise version and were unable to successfully transition to a true cloud-native architecture without an on-premise version.
In addition to the technology barriers, many of these companies struggled converting from a mix revenue model to a subscription only revenue model. Ironically, as our competitors have tried to transition to a cloud architecture, it has forced their customers to look for a true cloud-native endpoint protection platform. We believe this dynamic has contributed to an expansion in our pipeline and an acceleration in our overall customer adoption.
Furthermore, we view this consolidation as a strong net positive for our business and validates that cloud-native is hard and costly unless done from inception. CrowdStrike was cloud native from day one and we enjoy first move advantage in cloud delivered endpoint protection. We have the architecture that others strive to emulate and we possess unique technology that allows us to operate effectively at scale.
We believe these transactions reflect the growing distance CrowdStrike is putting between ourselves and competitors in terms of both commercial traction and our data moat which provides us with a long-term competitive advantage. Again, this is reflected in our position in the Gartner Magic Quadrant versus all other fossilized and NexGen players.
In summary, we are very pleased with our results and even more excited about the future. We continue to pioneer and define a security cloud category and have built a high-performing and enduring business with multiple engines for growth and a frictionless go-to-market strategy. We believe that the market landscape has evolved in our favor and we are well-positioned to capitalize on this growing opportunity.
With that, I'll turn the call over to Burt.
Thank you, George, and good afternoon everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. Across the board we delivered an outstanding second quarter with strength in multiple areas of the business including record net new ARR generated in the quarter, record net new customers, and strong subscription gross margin improvement.
We view ARR as a key metric to measure our business. In the second quarter we delivered 104% ARR growth year-over-year to reach $423.8 million of which $59.2 million was net new ARR added in the quarter a new record. This growth was driven by another strong quarter for new logo acquisition combined with low contraction and churn within our existing customer base.
Additionally, our dollar based net retention rate which speaks to the efficacy of our solution and our successful land and expand sales model once again exceeded our 120% benchmark. Total revenue grew 94% over Q2 of last year to reach $108.1 million. Approximately 90% of our revenue is subscription-based with no perpetual licenses giving us strong, scalable recurring revenue base and a business model advantage. In the second quarter subscription revenue grew 98% over Q2 of last year to reach $97.6 million.
In terms of geographic breakdown, approximately 74% of second quarter revenue was derived from customers in the U.S. and 26% was from international markets. Our rapidly growing international business highlights the global nature of the security industry, the massive market opportunity in front of us, and our continued success penetrating these markets.
Moving to our operating results, we are focused on building a long-term business with sustainable growth and compelling margins. In Q2 we continued to recognize operating leverage in our SaaS model and the benefits of scale even as we increased investments in our global reach and cloud platform. Second quarter non-GAAP gross margin improved to 73% from 67% a year ago.
Our non-GAAP subscription gross margin increased to 76%, a 511 basis point increase from Q2 of last year. This improvement is primarily attributable to the continuation of the cross functional efficiency initiatives we implemented in 2017 around hosting and data center costs. The significant progress we have made in improving our gross margin was a true team effort across finance, operations, and R&D. I would like to thank the entire CrowdStrike team for their continued commitment to this initiative.
The uptake of multiple cloud modules by our customer base is also a key driver of our gross margin performance as the first module subscribed to buy a customer covers the cost of data storage and most computational [ph] costs, therefore generating a very high margin with each additional subscription module. Total non-GAAP operating expenses in the second quarter were $99.1 million or 92% of revenue versus $65.4 million last year or 117% of revenue.
Scaling our business efficiently is a top priority, which is why we focus on our unit economics including magic number. In Q2 we ended with a magic number of 1.0. Key factors driving our unit economics include our strong gross and net retention rates and our highly efficient low friction sales and marketing programs that continue to drive subscription revenue growth.
We have a proven history of disciplined investing and remain committed to maintaining a thoughtful balance between generating topline growth and achieving operating leverage. Going forward, we plan to make continued progress in driving toward breakeven and beyond, but it may not be in a linear fashion depending on the timing of expenses.
We reported a non-GAAP operating loss of $20.6 million. As a result of our rapid topline growth, expanding gross margin profile, and continued disciplined approach to investing in our business, we drove strong operating leverage in the quarter with our operating margin improving 31 percentage points year-over-year.
Non-GAAP net loss was $23.1 million or $0.18 per share which compares to a non-GAAP net loss of $30.4 million or $0.69 per share in Q2 of last year. The weighted average common shares used to calculate second quarter EPS was $130.1 million shares in Q2 of fiscal 2020 and $44.1 million shares in the Q2 fiscal 2019 period.
Turning now to the balance sheet, we ended Q2 with $826.8 million of cash, cash equivalents and marketable securities. Cash flow from operations for Q2 was negative $6.2 million and free cash flow was negative $29.2 million.
Moving to our guidance for the third quarter and full year fiscal 2020. For Q3, total revenue is expected to be in the range of $117.1 million to $119.5 million reflecting a year-over-year growth rate of 76% to 80% with subscription revenue being the dominant driver of growth. We expect non-GAAP loss from operations to be in the range of $27.7 million to $26.1 million and non-GAAP net loss to be in the range of $24.8 million to $23.2 million.
Utilizing weighted average shares used in computing non-GAAP net loss per share, basic and diluted of $204.1 million, we expect non-GAAP net loss per share basic and diluted in the range of $0.12 to $0.11. We are raising our outlook for full fiscal year 2020. We currently expect total revenue to be in the range of $445.4 million to $451.8 million reflecting a growth rate of 78% to 81% over the 2019 fiscal year.
Non-GAAP loss from operations is expected to be between $97.9 million and $93.5 million and non-GAAP net loss is expected to be between $95.3 million and $90.8 million. Utilizing weighted average shares using computing non-GAAP net loss per share basic and diluted of $147.3 million, we expect non-GAAP net loss per share to be in the range of $0.65 to $0.62. We are pleased with the strong results, we are reporting today and believe we have the capacity and resources to continue driving the business forward over the long-term.
George and I will now take your questions. Operator, we'd now like to open the lines for questions.
Certainly, our first question comes from the line of Heather Bellini with Goldman Sachs. Your line is now open.
Great, thank you very much, gentlemen, and congratulations on the recent IPO. Just had a couple of questions I wanted to start out with. I mean, obviously your pace of net adds this quarter was very strong and keep seeing really good sequential improvement. Just wondering, and I know you touched on this a little bit George, but where you're seeing incremental traction? Is some of this partner driven, is this the sales force just starting to become that much more efficient? And then I wanted to follow-up about the - just following the FedRAMP certification I guess a year ago now, if you could provide us an update on how that vertical is going for you? Thank you.
Sure. Thanks, Heather. So let's talk about where we're seeing some of this activity. There's a couple of areas that I focused on in my prepared remarks. Number one is AWS, we're seeing a tremendous amount of momentum as customers are looking to protect those cloud workloads. And again, when we think about our opportunity, it's not just endpoints, right? We think about workloads. And that could be an endpoint, it could be a server, it could be a mobile device, a cloud instance, what have you.
So we're seeing strong demand and a great partnership from AWS. We're seeing also strong conversions from our free trial, as I mentioned as well. And I think what we've seen is just a recognition of a clear separation between our technology and others in the marketplace, and that's reflected in very strong customer poll from many of our partner companies that we work with.
Specifically, I think the second point of your question was around FedRAMP certification. As you know, last year, we got our FedRAMP certification after the buying season. So, we are very active in the FedRAMP buying season which as you know, wraps up at the end of September. And given the technology that we have and the ability to stop breaches, it has been very well received not only in the Fed market but also in state and local governments. And I think you've seen a lot of those stories specifically around ransomware. Given our AI and our machine learning, we've been able to prevent those ransomware attacks for our customers without any signature updates or any changes.
So, we think both Fed and state and local government are great opportunities for us, and we're really excited about those as we get into the buying season, particularly in the Fed space.
Okay, great. Thank you.
Our next question comes from Sterling Auty with JPMorgan. Your line is now open.
Yes, thanks. Hi, guys. George, I appreciate the comments that you gave especially around Dell, but just to put a fine point on it, just kind of curious in terms of are you worried about anything in terms of maybe tighter technology integration into the SecureWorks platform or any type of marketing that might impact the opportunity on that go-to-market channel?
Yes, thanks Sterling. Let me just start with there's been a lot of consolidation in this space. And ultimately, I think it's validation in what we've built and how hard it is to actually transition from a legacy solution or three agents or mixed model into a cloud architecture, and that's across the board for many of the companies that have been acquired.
Specific to Dell and SecureWorks, we have a great relationship there, business as usual. And many people probably know that Carbon Black was the first partner with SecureWorks many, many years ago. So, we look at this as a choice model, which is something that SecureWorks has always had, and again we're seeing strong demand as evidenced by what we've talked about with the Gartner Magic Quadrant and the leadership position.
So, ultimately, we think that the best technology is going to win out and some of these relationships actually even pre-date us. However, we've been chosen by SecureWorks as one of their partners, and we're excited to be there and for us, it's business as usual and we'll let the customers decide which technology is best.
That makes sense, and then one follow-up. If you look at the more recent modules that you've released, how is the adoption curve of those compared to some of the earlier modules that you launched?
Well, I think we've talked probably at length on sort of the core modules that we go to market with. But if you look at things like Spotlight, I can tell you, Windows OS vulnerabilities as an example, is a huge pain point for customers that are out there. There's compliance issues, there is Hygiene issues, and we've seen a tremendous increase in Spotlight. I highlighted one of those, those wins in my prepared remarks.
And why are we seeing that? Well, it just works. It’s a scanless technology, companies don't want other agents on their system. If they have a scalable agent, which is going to deliver real-time vulnerability information, that’s what they're looking for. And the ability to actually have a customer try it with their own data, with our frictionless in-app trial, I think has been a big boon to us. So, we're seeing a lot of activity there.
If you look at our threat intelligence modules, our Falcon X, the ability to automate a triage process and take something that would normally take eight hours and reduce that time to five minutes with our Sandbox technology and our malware search capabilities and our integrated intelligence, these have been very, very well received. And again, a tremendous - we've seen tremendous adoption in those areas.
Great, thank you.
Our next question comes from Saket Kalia with Barclays. Your line is now open.
Hi guys, thanks for taking my questions here. First, maybe for you, George, sorry to go back to the VMware, Carbon Black question, but I think it's relevant. And I want to ask the question slightly differently about the Dell relationship or just the general quick PC OEM channel. Are there other PC OEMs that you think are interested in becoming a channel for CrowdStrike in the SMB sort of business vertical? And what are they saying to you?
Well, we're not going to comment on any potential relationships there other than saying, there is a tremendous amount of interest across all partner channels whether it's OEM, whether it’s traditional partners, whether it's cloud partners because we're leading technologies. So, we spend a lot of time and we try to be very thoughtful in how we go to market and how we partner, and we're going to continue to do that.
And what we're seeing is the customer demand. If you go out into the marketplace, the customers are asking their partners whether it's a hardware vendor, whether it's a traditional reseller, whether it's a cloud service provider, whether it's managed service provider, the partners are being asked about CrowdStrike.
I've had a lot of meetings with the Sis, and there's just tremendous pull for us. So again, we're going to be thoughtful in how we go to market, but suffice to say, there's a lot of demand. And when the customers are asking for it, that's really when these partners take shape, and you see the traction in the field together.
That makes sense. Hey, for my followup maybe for you Burt, nice customer additions in the quarter, can you just talk about the success you're having in the SMB channel versus enterprise? And maybe just touch on how you think about that mix impact on that ARR per customer metric?
Thanks, Saket. So I think we're seeing continued momentum in both the enterprise and the SMB space, and we continue to invest in both. We continue to commission on both in the same manner. We continue to make sure that all the resources are available for both those markets. And today, what we're seeing is we're seeing continued positive pricing trends in both of those markets. So as we think about it going forward, we think about the volume that we're going to get from the SMB space, and of course, the bigger ticket items on the enterprise space.
And surely, there'll be a little bit of an impact with respect to ARR per customer, but that's to be expected. And it's not a -- it's a positive thing. Right? We think the volume is going to continue in the SMB space, certainly with our frictionless sales model and we think that the large customers will continue to buy and expand.
Very helpful. Thanks, guys.
Our next question comes from John DiFucci with Jefferies. Your line is now open.
Thanks, first question for George and George I'm sure we all got a lot of – we all continue to get a lot of questions about the VMware/Carbon Black, so you’re going to get it – you can probably have since it's happened. But that transaction if you listen to what VMware is saying who is – I'm sure you have a lot of respect for the company what we have done, it sounds eerily familiar of – it sounds like what you guys say from a high level anyway and how endpoint is not really just endpoint but provides valuable data that can be leveraged across a lot of other areas and something that you’ve actually demonstrated.
Maybe when we – it sounds - it makes sense. I mean it makes sense to you, it make sense to them, it makes sense to us. But other vendors that have tried to do things like this, a vendor that's not a traditional endpoint vendor expanding into the endpoint to try to make a bigger – 2 plus – 1 plus 1 equals three kind of thing, one that's done that is Palo Alto Networks. I guess maybe if you can comment a little bit about competitive – on the competitive front how Palo has done at least against CrowdStrike and when you come up against them with their Traps solution and as they expanded the endpoint, it might give us some insight on what might happen at VMware.
Sure, so John you’ve been around a long time, you've seen a lot of acquisitions. I've been part of two of them. They can be messy and disruptive. And at the end of the day lots of companies that don't have necessarily security DNA are acquiring these companies. I think when you look at CrowdStrike, you look at our DNA, every day we wake up and we think about how do we protect customers from being breached and do we build the best endpoint technology? And that's what we’re going to continue to focus on.
Whether a company is standalone or part of another company it doesn't – that’s the way change the fact that there is a lot of hard work and transition that has to take place in moving from multiple agents into a cloud architecture and we've been doing this since 2011 from day one and enjoy a first move advantage.
So, I can only control what we can control, but I can tell you in the field what's most important as opposed with any other vendor saying is what customers are saying. And I think you probably know I've been on my 100 – my 100 journey which is meeting 100 customers and prospects in 100 days and I am just about at my goal, at my quota, which is a good thing.
So the feedback has universally been customers actually accelerating moving to CrowdStrike from our competitors as they try to transition from an on-premise solution which has been slow and cumbersome. We met with one customer that had almost 40 different controllers and one person just to manage their on-premise implementation.
And as other competitors try to accelerate their move to the cloud it actually just creates another buying opportunity for CrowdStrike. If they are going to look at a cloud vendor they might as well look at the best out there. So we like that dynamic. We view all these acquisitions as a net positive for us and we're excited. So that's a little bit about your first part of the question.
The second part is with respect to the Palo Alto. Again, what we see in the field is – our technology being adopted much more rapidly than our competitors. We appreciate all competitors that are out there. We take everybody seriously. I would again probably refer you back to the Magic Quadrant which is really a combination of what Gartner and customers are saying to them.
And you can look at where we’re positioned, you can look at where others are positioned, but again people are looking for the single agent architecture born in the cloud not an amalgamation of three or four different acquisitions put together. So that hopefully answers that question for you, so thank you.
It does, it does, thanks George. And if I could, Burt you mentioned the international business and it just sort of hit me, it kind of stands out 74% U.S., 26% international realizing even given the scale you're at, you're not, you're relatively young company so that makes sense. But can you bring us up to speed on your efforts to sort of exploit that international opportunity, because of course it is obviously a popular solution and it’s part of the reason that international is 26% because you started here right.
So, but it just seems like now might be, especially I don’t want to keep going back to it, I guess everybody will, but now VMware has got an international presence right? So that – they've helped somebody like Carbon Black now, like at least help their presence. So I'm just curious what’s the - urgency is the wrong word, but how quickly can we see sort of that, just bring us up to speed on your efforts to really exploit that international opportunity?
Thanks John. So to answer your question with respect to our efforts, we are putting a significant effort in the international markets. We’re pleased with our results. We’re pleased with how we've done in those markets. We’re always still being within our unit – with our unit economics whatever metric you want pull. We want to continue to be putting up on the board the results, but doing it in a very efficient manner.
And whether it’s here in the United States or in Canada or abroad, we still look at it the same way. We want to make sure that we’re not overspending in any particular region. We want to make sure we’re spending in the right order of magnitude to go after the market that is available to us. And we feel that we've been successful and we also feel that there is more to come, there is a big opportunity abroad and we want to go capture that market.
Okay just make sure Carbs got enough funds to make it happen, but listen great job guys and thank you.
Our next question comes from Matt Hedberg with RBC Capital Markets. Your line is now open.
Hey, thanks for taking my question guys. Your new customer addition has been just really impressive. I think if our math is right I think you’ve added about a third of your base in the last two quarters. I am curious and I know you're seeing rapid adoption of multiple products even on net new sales, but when you are adding customers at this rapid pace, how do you think that that impacts sort of managing expansion and just overall retention with that sort of flywheel new customer adds?
Well, great thanks. This is George. Nothing really happens by accident. We spent a lot of time building a scalable sales architecture as we do, a scalable technology architecture. And from my perspective, what we've been able to do is really consumerize the enterprise experience. The ability to try our product, the ability to have in-app trials and user data to combine a very robust inside sales team and sliding within our products we understand what customers are doing.
So, the rapid adoption I think is reflective of what we've built, but it also is reflective and what we built from a go to market perspective not just a technology perspective. So from that standpoint we spent a lot of time making sure that the customer journey is what it should be to land at CrowdStrike and have a great opportunity to sell them at least one module. From there begins the cross-sell process and there is multiple ways to do that. A lot of it is driven by the application itself, but inside sales or our field sales team are really as important.
And I think what we have been able to do and the check-ins and making sure that customers are using all the capabilities of the products and educating them has allowed us to keep as you know as we’ve discussed in the S-1 a very high gross and net retention rate. So from my perspective it is part of being a SaaS company and having the DNA.
We didn’t start out as a perpetual license company. We didn’t start out with a bunch of different products that we had to stitch together. We started out as a cloud-based endpoint security platform and making sure that you keep your customers happy and keep them from being breached is of paramount and importance to us and that's our focus everyday when get up and get out of bed.
That's great and then George in the prepared remarks you talked about the Falcon Fund. I am curious, when you think about that as an investment opportunity, I mean what are some of the secondary benefits? Is it potential look at M&A candidates or is it just trying to make it more attractive to build on, on the CrowdStrike store?
Well, I think first and foremost, it's investing in companies that are investing in us. We believe in the CrowdStrike store. We believe that we've built, really the only platform that allows this level of what I would call platform-as-a-service for agent, for an agent infrastructure and we know the trend is consolidate agents. We know customers have come to us and said, we don’t want yet another agent, we would rather use your agent and open up that architecture.
So we believe in investing in companies who are going to embrace that – the platform that we built as well as build on top of it, so that's first and foremost. We were delighted to team up with Accel. As many know, they started as our B investor. We've got a lot of respect for them. And I think just increasing our visibility and deal flow into small innovative companies it does give us a look at other companies that are out there, certainly potential acquisition candidates, but more importantly, creating the ecosystem and we’re putting where our mouth is to make sure that our partners are successful.
That’s great. Thanks a lot guys, well done.
Our next question comes from Gur Talpaz with Stifel. Your line is now open.
Great, thanks for taking my questions. One for you George, one for you Burt. George, I have a kind of granular question here, just sort of given how many questions you’ve been getting on competition and I want to ask about developments in the tech telemetry that you collect, how it's differentiated from other endpoint vendors and then the relative value of that data versus other security data types like network generated security data. I know it’s pretty specific, but I think there is a lot of confusion out there with regard to what you do versus what everybody else does out there?
Sure thanks, let me just – let me try to start with the first part of the question. When we look at the telemetry we collect, we probably have the richest data sets of telemetry out there. We've been able to really perfect how we collect it and do that in a very performing and cost effective manner with our smart filtering which we've talked about a lot in the road show. And when we look at actually what we do, we’re able to collect that data and store it in our cloud.
A lot of our competitors actually keep most of the data resident on the endpoint, because they haven't quite figured out how to get data up to scale without breaking a lot of things or causing a financial impact to the gross margin. So, when they are looking at simple data from an EDR perspective they actually have to go back to the endpoint and create it. In fact, some of our competitors even use open source tools like osquery to go out and get the data as opposed to them actually having it which is problematic if you have an ephemeral workload which is gone.
So we believe the architecture we built is better. We believe we have the most events that you can actually pull from an endpoint. You can add more and you can customize it. So that's important for customers. And one of the things that's important is, again the ability to get data even if that workload or PC or what have you is gone and we have that all stored in the cloud. Again many of our competitors, most of them keep all of that data resident. There is a little bit of data that goes up and they have to keep clearing it.
So what I will say is, not all endpoints and EDRs are created equal despite some of the marketing noises that’s out there. If you look at network data I think the value of endpoint data is much higher than network data. Network data you've got to shift through, you've got to look at flows and at a high level. You have to understand what's happening with encrypted traffic and a lot of the attacks it's very difficult to piece together what happened just with network flows. And that's why customers are demanding visibility on the endpoint.
With our system, they can tell them that the process exactly what is happening across a fleet of hundreds of thousands of computers which you would never be able to do with a network products and network data. So again network data can be valuable in certain areas, but we believe there is an exponential difference in the value of endpoint data.
That's super helpful. And then Burt for you, last questions to you about Dell. Can you walk us through maybe some of the assumptions you are making within your guidance and your framework about potential contribution from the Dell relationship as you look forward?
Thanks Gur. So as you know right now and it's really early days as George mentioned, it’s a really nascent part of the business and always viewed it as upside for our ARR model. So today we baked very little in for the future for Dell. We want to be – we want to guide and we want to forecast based on information that we know, not what we don't know.
So that's helpful, thanks so much and congrats on the results.
Our next question comes from Sarah Hindlian with Macquarie. Your line is now open.
All right great, thank you. I have several questions, so let’s see. Okay George, well maybe starting with you, Palo Alto made some pretty bold claims last night about win rates and endpoints and well really in Cortex, EDR, and Traps. But it would be really great to hear from you guys in terms of where and when you actually do see Palo Alto and how they stack up?
Well, we don't see much of them to be candid, and I think the Gartner Magic Quadrant rather than me saying where they stack up, you can tell where the analysts think they stack up. Right? And it's not even close to us. So I’ll the reader be the judge of that. If you’re going to give it away for free that might give an indication of the value of it. But at the end of the day customers are looking for a solution that is a true single agent architecture, cloud-native, and I think our financial results, our win rates are reflective of what we've been able to do in the marketplace.
All right great. That certainly makes a lot of sense and it matches the numbers. And Burt, I have a followup for you as well. So four plus module adoption is progressing extremely well. It’s definitely ahead of what I was expecting. And I think maybe it will be great if you could update us with a bit of ranking in terms of where you see burgeoning demand in the CrowdStrike portfolio beyond some of your core EDR endpoint module?
Yes, hi Sarah. So today we’re thinking about all the modules outside of those core three as equal potential, whether it will be Discover, whether it be Spotlight as George mentioned. We see the potential of all of those to continue to help with the trend in terms of how many modules our customers have today. I think what’s interesting is that we’re seeing an accelerated pace with respect to our customers having five or more modules. So we’re encouraged by those results.
Awesome, thank you so much, congrats.
[Operator Instructions] Our next question comes from the line of Andrew Nowinski with Piper Jaffray. Your line is now open.
Okay, thank you and congrats on the quarter. I have a number of questions, I guess if I'm going to do one I'll ask on ARR. You had fantastic growth on ARR this quarter, but actually more impressive was the subscription customer growth. Given that our customer growth actually outpaced your ARR growth last quarter, or this question say, I was wondering if you can give us any additional color on how to think about ARR growth going forward because your metrics really suggest it should not decelerate going forward? Thanks.
Thanks Andrew. So again, when we think about ARR of course we don’t guide to it, but we do provide it. We think about ARR in the way we calculate it very simply. We take the ending ARR and we divide that by 4 and then we take out some concern and contraction and we add in some positive dollars for revenue in the quarter.
So I think that when we look at our ARR and we look at our projections we really do look at what we know in-house not what we don't know, we've had some success in the past in running tables. And we clearly you don't want to guide based on the fact that we're going to run the table on all future quarters.
So we've been happy with the results to date and that's how we think about our ARR. And the last point I’ll make on that is, this quarter we had no outsized deals. So they came in throughout the quarter and there was nothing there that – there were no deals there that kind of really marked the quarter.
Great, thanks Burt.
Our next question comes from the line of Erik Suppiger with JMP Securities. Your line is now open.
Yes, thanks for taking the question. Gross margin, you had nice gross margin in the quarter. I think it was probably above where the Street was, margin continuing to sustain these levels. And then could you speak to the two individual components between the subscription gross margin and the service gross margin, how we can think about going forward?
Sure, thanks Erik. So on the first part of the question we’re obviously very happy with the results. We think it's the continued success that we've had in module adoption, the hybrid cloud strategy, the operational efficiencies that we've been able to gain. So we’re pleased with where we are and certainly it smacked out in the middle of our long-term model.
And I think that for us as we think about it forward we’re going to continue to apply those same techniques and same type of philosophy with respect to how to continue to maintain and continue to accelerate gross margin expansion. We are continuing to strive to get to the higher end of the long-term range. And so we’re going to do those things that will continue to get us there.
With respect to professional services, we’re continuing to look at the markets that we're in and we will continue to price accordingly. When there is a lot of price pressure we’re going to go and we’re going to be aggressive on our pricing in various deals and it's been successful to date and we’re going to continue with that strategy.
Very good, thank you.
Our next question comes from Gregg Moskowitz with Mizuho Securities. Your line is now open.
Okay, thank you and I’ll add my congratulations on a strong quarter. Question for George, it's fairly unique to offer EDR for mobile devices and so I am curious how Falcon for mobile is resonating so far, what are your customers telling you?
Yes thanks. They’re really excited about it, because they don't have visibility into their mobile devices today. And again, our module is not an MDM it's EDR for mobile. If you look at a lot of the news reports over the last number of months, you’ve seen how many misbehaving apps are out there that people really don't even know what they're doing. So a solution like ours gives a lot of visibility into what's happening and for corporate customers that really is growing in importance.
So we've got a lot of mobile trials, if you will, happening right now. So we're excited about that. Obviously, we launched it last quarter and we're encouraged. We're excited. We will continue to iterate that module. But from a customer perspective, it really is something that, they have consternation over because they really at this point have no visibility into these critical apps that are running within their environment or within BYOD devices from their employees.
That's great. Thanks very much.
Our next question comes from Alex Henderson with Needham. Your line is now open.
Thank you very much. I was hoping you could tell me if you've seen any change in your pipeline as a result of the advent of going public, and has there been any change in the attacks coming out of China as a result of the increased tension that you're seeing there? I think you guys are uniquely positioned to answer that latter question. Thanks.
Yes, great. Thank you. So obviously there's been a tremendous amount of visibility given the CrowdStrike and what we've been able to do over the last number of months. So we view that as a positive, certainly interacting at very high levels now, CEO, Board levels. We've been there, but I think more so post-IPO. So we're excited about that level of engagement. I met with a CEO of an $8 billion company today, and they were looking at various ways and working with CrowdStrike and they were really excited. They came in just to see us here in Sunnyvale.
So I think we're getting to the table at the right levels. I think people are viewing us as a strategic component of their overall security architecture. And it's been a great event for us in terms of awareness, not only in the U.S., but more so outside of the U.S. and our international markets.
The second, I think point of your question was really on attacks from China. I mean, I guess what I would say is, whenever there's geopolitical instability, security is of the utmost importance. And whether it's a think tank or whether it's a government agency or whether it is a corporation, in times of instability, it really does drive awareness from a security perspective. So attacks will continue. They have been in place for many years, and they're going to continue and we want to be there and make sure that we're protecting our customers.
Our next question comes from Shaul Eyal with Oppenheimer. Your line is now open.
Thank you for taking my question, and congrats on the quarter and guidance gentlemen. Just one quick question, coming off from George's theme about the consolidation of the industry for legacy as well as Next-Gen antivirus solutions, has management team seen any increase in sales motion as well as win rate on the pipeline as a result of this consolidation that's going on?
Yes, I mean if you look at some of the legacy players that are selling parts of their business, I think there's been a dramatic increase in acceleration. You have a lot of customers that were sort of on a natural cadence to look at a provider like CrowdStrike and I think it has accelerated and quite candidly, that’s a huge opportunity for us, as we say and that's a massive opportunity.
So, we're excited about that. It's actually accelerated them looking at other alternatives in particular, moving from their legacy on-premise architecture to something more contemporary, like CrowdStrike. And there's been many, many conversations we've had with large enterprise customers as they look to move away.
You know why their feelings? Obviously, they want something that's more contemporary and that really is focused on that simulation architecture, AI driven model. But I think, there's real concern that the investment will not be there in some of these other providers after they get bought. And it's going to be more managed to the bottom line as opposed to really driving innovation like we do at CrowdStrike.
Thank you, George for the color, and congrats on the execution.
Great, thank you
I’m showing no further questions in queue at this time.
Great, thank you very much. Just wanted to close here. I want to thank all of you for your time today. We certainly appreciate your interest and look forward to speaking with you next quarter and again, have a great day and we'll see you soon. Thank you.
Ladies and gentlemen, thank you for your participation in today's conference. This concludes the program and you may now disconnect. Everyone have a great day.