CrowdStrike (CRWD) Q1 2025 Earnings Call Transcript

CRWD earnings call for the period ending March 31, 2024.

Image source: The Motley Fool.

CrowdStrike (CRWD -1.01%)
Q1 2025 Earnings Call
Jun 04, 2024, 5:00 p.m. ET


  • Prepared Remarks
  • Questions and Answers
  • Call Participants

Prepared Remarks:


Good day, everyone, and thank you for standing by. Welcome to CrowdStrike fiscal first quarter 2025 results conference call. At this time, all participants are in a listen-only mode. After the speakers’ presentation, there will be a question-and-answer session.

[Operator instructions] Please be advised that today’s conference is being recorded. I would now like to hand it over to the vice president of investor relations, Maria Riley. Please go ahead.

Maria RileyVice President, Investor Relations

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, president and chief executive officer and co-founder of CrowdStrike; and Burt Podbere, chief financial officer. Before we get started, I would like to note that certain statements made during this call that are not historical facts, including those regarding our future plans, objectives, growth, including projections and expected performance, including our outlook for the second quarter and fiscal year 2025 and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call.

While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company’s financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company’s quarterly and annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP.

A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release which may be found on our Investor Relations website at or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George.

George KurtzCo-Founder, President, and Chief Executive Officer

Thank you, Maria, and thank you all for joining us for our first earnings call of fiscal year 2025. We start the year from a position of momentum and exceptional strength, outperforming our guided metrics. Our AI-native platform wins at scale every geography, every market segment, and every solution area. CrowdStrike delivered a record Q1: record Q1 net new ARR of $212 million, growing 22% year over year; record ending ARR of $3.65 billion, growing 33% year over year; record subscription gross margin of over 80%; and record free cash flow of $322 million, reaching 35% of revenue and a free cash flow Rule of 68, making us the only cybersecurity vendor of scale delivering this level of growth and profitability.

We achieved all of these records while closely managing every P&L line delivering significant year-over-year operating leverage and our fifth consecutive quarter of GAAP profitability. Even as we continue investing in growth, we’re adding sales capacity, investing in our market-leading brand, and accelerating innovation while firmly on the path to $10 billion in ending ARR. The foundational theme underpinning CrowdStrike’s results is the power of the Falcon platform to consolidate cybersecurity at scale. This is coupled with the market’s unequivocal desire for a single AI-powered software platform consolidator.

We’re landing with more modules than ever before. The number of deals involving cloud, identity, or Falcon Next-Gen SIEM modules more than doubled year over year, and we’re closing some of our largest deals ever. We’re consistently hearing that customers want to partner with us as they consolidate, standardizing their cybersecurity future on the Falcon platform and investing their trust in CrowdStrike as cybersecurity’s North Star. Let me explain why.

We built the right architecture from the start, the industry’s lightest weight, easiest to install sensor embedded with AI, no system reboot required a single AI-native platform console, not disparate stitch together or siloed multi-platforms. Our architecture built from the start, with what I refer to as gold-plated plumbing, allows the Falcon platform to gracefully land, retrieve data once, and then slight infinite security, IT, data, and compliance capabilities without any friction. This is the definition of a true platform, and our platform strategy from inception continues to deliver the results. Deals with eight-plus modules grew 95% year over year.

Our 28 modules are best-in-class on a stand-alone basis as rated by applicable leading industry analysts, yet combined and natively built into single Falcon platform, our solution modules work even better together, unlocking customer value characteristics of a virtuous flywheel. The sum of platform adoption is even greater than the individual parts. The Falcon platform’s differentiated architecture creates a technological competitive moat around our ability to be cybersecurity’s premier platform consolidator. This is something you can’t acquire or fix later.

You must build it right from the start. Our platform architecture delivers the following unique customer outcomes. Through consolidation, the Falcon platform delivers faster and more effective cybersecurity than ever before, our AI-native platform is consistently evolving to close the gap between detection and response, compressing alert to resolution time scales from days and hours to seconds and real time. And now with Charlotte AI, customers are experiencing more platform utility at faster speeds, shrinking hours of their security workdays into minutes.

Threat hunting is supercharged. Response and remediation are revolutionized. The AI-powered stock is no longer a vision, it’s a reality. We stand out in our ability to secure diverse attack services with the industry’s highest protection levels, spanning cloud, data, device, identity, third-party sources, and beyond, natively alerting in one place and automatically responding across the platform at machine speed.

There’s no console, hide-and-go-seek, no separate platforms with their own UI languages, no multi-agent bloat, and no stitch data silos. Through consolidation, the Falcon platform delivers extreme cost savings. The more modules customers adopt, the more cost savings they realize. The Falcon platform consolidates point and pseudo platform vendors across point cloud security fragments like CWP, CSPM, ASPM, ESPM, and CIEM products, identity protection, SIEM, threat intel feeds, data protection and VLP, vulnerability management, attack service management, compliance, endpoint management suite and legacy AV and next-gen AV and EDR.

As an industry, organizations are buying many promises, Unfortunately, they are left with wasteful shelfware, point product learning curves, and features that fail to deliver end-to-end outcomes. The longtime cybersecurity adage of defense and depth has led to a new phenomenon, expensive depth consolidating on the Falcon platform reverses the ever-increasing cost curve. A recent IDC report quantifies CrowdStrike extreme cost savings for every dollar invested in Falcon Solutions, our customers recognize $6 of cost savings. Our customers came to us asking for new ways to adopt the Falcon platform even faster.

Instead of acquiring Falcon module by module, we developed the Falcon Flex subscription model. Falcon Flex customers enjoy the best prices for the products they want today and tomorrow while eliminating procurement and legal cycles for module use. The outcome for CrowdStrike is even broader platform adoption. Unlike vendors who pedal wasteful ELAs, our customers utilize what they purchase because when you buy what you want and need, when you want to need it, utilization is natural.

We’re not reclassifying, recounting, or repositioning existing business to concoct perceived platform value. When a platform delivers real value, you don’t have to give it away. In the three quarters since we’ve built the Falcon Flex program, the customers who have subscribed to this new licensing model represent over $500 million in deal value, growing our share of customer wallet while consolidating and simplifying their security. Applying IDC’s analysis would imply Falcon Flex has assisted customers in saving more than $3 billion that would have been spent on other products.

Now, that’s extreme cost savings and indicative of the platform momentum we are seeing with new and existing customers. Through consolidation, the Falcon platform delivers innovation to solve tomorrow’s cybersecurity as well as broader IP and data problems. Our position as cybersecurity’s consolidation platform keeps CrowdStrike innovating to lead the industry forward. This focus has allowed us to ship game-changing products at rapid pace.

Within months of our Bionic acquisition, we fully integrated ASPM into our Falcon Cloud Security Suite. Over the past few months, we brought our LogScale Next-Gen SIEM into the console of all of our customers, feeding their utilization of Falcon to replace legacy SIEMs. And more recently, following yet another major Microsoft breach in CIS’ Cyber Safety Review Board’s findings, we received an outpouring of requests from the market for help. We decided enough is enough, there’s a widespread crisis of confidence among security and IT teams within the Microsoft security customer base.

At the request of organizations saddled with Microsoft E5 licensing, we delivered Falcon for Defender, a platform on ramp to help organizations of all sizes start utilizing Falcon to secure their Microsoft Defender usage. Falcon for Defender is delivered via the CrowdStrike sensor encompassing our industry-leading OverWatch threat-hunting services as well as mission-critical reporting to help security teams do their job. With Falcon for Defender organizations using Microsoft now have what we call V-Squared, validation, and verification, a missing third-party protection layer for their security programs. And with our sensor already deployed on customer systems, we’re dropping anchor on the beachfront real estate to not only transform cybersecurity but also stop breaches.

Feedback has been overwhelmingly positive. CISAs now have the ability to reduce monoculture risk from only using Microsoft products and cloud services. Our innovation continues at breakneck pace multiplying the reasons for the market to consolidate on Falcon. Thousands of organizations are consolidating on the Falcon platform.

There are a few that stood out from the quarter: a seven-figure deal in a Fortune 100 healthcare company who is using Microsoft and experienced a breach. Our industry-leading IR team deployed more than 46,000 sensors in days, stopping the adversary, restarting business, and importantly, keeping this business out of promotional vendor fanfare. This customer immediately adopted Falcon Complete Identity, Falcon Cloud Security, LogScale Next-Gen SIEM, and Charlotte AI. In addition to removing Microsoft security products, they were able to move off their vulnerability management vendor and their legacy SIEM-2.

The consolidation outcome a 75% reduction in agent footprint by consolidating to our single agent and a 700% improvement in mean time to detect and respond taking average alert triage times from four-plus hours down to minutes. We stopped the breach, displacing more than three vendors along the way, and now this customer experiences not only lower TCO but also cybersecurity outcomes they hadn’t thought possible. A seven-figure deal in a large Middle Eastern power and utilities provider that experienced many incidents using a regional point product endpoint vendor. These incidents were each preventable with the Falcon platform’s AI defenses.

Standardizing the Falcon platform, this customer adopted CrowdStrike for endpoint, identity, cloud, and next-gen SIEM, consolidating five security vendors down to just one in a few short months during the deal cycle. Lastly, our focus on solving cybersecurity and IT use cases inspired a multinational services customer headquartered in Japan to consolidate on the CrowdStrike in a seven-figure expansion deal, acquiring four additional modules, they successfully eliminated TM, a legacy AV vendor, and their vulnerability management provider. This deal illustrates existing customers taking the opportunity to further consolidate on Falcon beyond just security. We have the platform, data gravity, and trust to make consolidation turnkey for security and IT teams alike.

These deals highlight the tempo and scale of Falcon consolidation. It’s not on a PowerPoint slide, it’s inside a single console with a single sensor and delivered on a single platform. What we see are prospects and customers using consolidation as an opportunity to transform trading expense and depth for cybersecurity that’s better, faster, and more cost-effective. Consolidation isn’t just a phenomenon happening with end customers.

It’s also a priority embraced and prioritized by our partners, too. In our MSSP business, one of our fastest-growing segments, partners are coming to us to migrate their customers off legacy and substandard point products as well as multi-platform vendors. In a large seven-figure deal eSentire, and industry-leading MSSP selected the Falcon platform to migrate hundreds of Carbon Black customers in mass, representing an excess of nearly 0.5 million endpoints. This is a prime example of an industry-leading MDR that developed their own award-winning services on the Falcon platform, consolidating on CrowdStrike.

In our expanded partnership with Mandiant and Google Cloud announced at the RSA conference, Mandiant is migrating its Mandiant Managed Defense MDR customers to the Falcon platform. Recognizing our market leadership and the need to deliver services on the best technology platform, CrowdStrike is the natural choice to migrate their customers off legacy AV and other point products. In our channel ecosystem at large, we’re seeing partners deprioritizing other vendors on their line cards to consolidate their time, head count, and go-to-market focus on CrowdStrike. Our top 50 partners in every geo are growing and telling us they’re doing less and less with other vendors, instead increasing their focus and business results on Falcon.

Partners are a key driver of market consolidation, both representing our technology to their end customers and also consolidating their efforts away from anecdotal declining point feature vendors. The power to consolidate on a single platform requires having the right technologies at the right time, delivered on the right platform. Our investments in hyper-growth solution businesses continue to deliver market-leading capabilities and record results. Here’s our Q1 color on cloud security, identity protection, and LogScale Next-Gen SIEM as well as several platform innovation areas.

Cloud utilization is reaching unprecedented highs. This is largely driven by the AI revolution of the past few quarters. Today, every company is or is quickly becoming an AI company. Every CISO, CIO, and board member I speak with is experimenting with using AI in new ways.

We all know that AI is transformative, and this transformation is happening in public and private clouds. The cloud is foundational technology for building AI models, operationalizing AI, and integrating AI into existing technologies. The only way to safely harness the transformative nature of AI is through best-in-class security that operates at the speed and scale of AI built natively with AI with CrowdStrike. As hyperscalers print remarkable results, as NVIDIA continues to amaze, and as AI hardware spend reaches Gold Rush levels, estimated to be north of $60 billion in the last 12 months, CrowdStrike is at the epicenter of securing the workloads driving the AI revolution for the next conversation.

Jensen Huang, founder and CEO of NVIDIA, recently validated this, stating in our Q1 partnership announcement that “pairing NVIDIA accelerated computing and Generative AI with CrowdStrike cybersecurity can give enterprises unprecedented visibility and to threats to help them better protect their businesses.” And this is why industry leaders across every vertical, including the GenAI companies themselves, are choosing Falcon Cloud Security to secure their heterogeneous cloud environment, consolidating multiple point products on the Falcon platform. Here is a lighthouse example. One of the world’s leading hyperscalers grew their adoption of the Falcon platform, standardizing on the Falcon cloud security in an eight-figure deal. In a public press release, this customer and partner extolled the unified nature of our security platform and their ability to consolidate multiple cloud security point products on Falcon cloud security.

Our joint go-to-market partnership has evolved to focus on Falcon Cloud security where CrowdStrike rises above other vendors to enable secure cloud consumption. Driving our cloud security customer wins is the market embracing our runtime-centric cloud detection and response vision that focuses on real-time cloud visibility and protection, offering features like cloud attack path analysis, API-based side scanning, and most recently integrated ASPM and CVR, sets us apart as the only solution in the market that spans code application to the infrastructure on which everything runs. Our latest acquisition of Flow furthers our competitive moat, adding in the industry’s only runtime DSPM, securing data both at rest and in motion. Falcon Cloud Security has surpassed a garden of unicorns, decacorns, and legacy vendors as one of the largest cloud security businesses in the market.

As of Q1, Falcon has been selected by 62 of the Fortune 100 as their cloud security provider of choice. CrowdStrike pioneered the creation of the Identity detection and response category. Our identity protection module continues to be the only single-agent solution on the market, giving us a major competitive advantage. Our active directory expertise has evolved to now support increasingly popular cloud identity solutions such as Microsoft Entra ID, formerly known as Azure AD, giving us the ability to support diverse customers wherever their identities reside.

Our sustained focus on identity protection continues to pay dividends, not only winning deals but also with industry analysts, where CrowdStrike was named the Overall Leader in KuppingerCole’s inaugural ITDR Compass. A key customer went from the quarter includes a seven-figure deal with a large healthcare provider who is stuck in a Broadcom contract and increasingly being pushed toward a multi-platform hardware provider’s patchwork products. Our Identity Threat Protection module was a game changer for this customer, deploying us to more than 100,000 devices and allowing us to replace these other two vendors. Identity protection led to an 85% better mean time to respond for identity-based attacks and motivated this customer’s significant cyber transformation.

One of the solution areas I’m most excited about is our LogScale Next-Gen SIEM business. There’s certainly no shortage of market activity in the SIEM space where consolidation is afoot with M&A activity impacting Splunk and more recently, Exabeam and QRadar, more happened in the SIEM market over the past few months than in decades. In the wake of this consolidation, the demand environment is right. Each of these consolidation moves create immediate opportunity zones.

Organizations are iconic classically questioning their legacy SIEM choices and looking for new, better, and more cost-effective ways to run their stock in the AI era. With CrowdStrike representing more than 80% of the data going into today’s SIEM, we are naturally placed to disrupt consolidate, and chart the future of the SIEM market. This is because our LogScale Next-Gen SIEM is already natively in the Falcon platform, already ingesting, visualizing, and actioning all first-party CrowdStrike data for all of our customers. While other vendors must buy their way into this market, acquiring legacy technology, our flag is already firmly planted and flying.

Our goal is to win the hearts and minds of customers through superior technology and outcomes, not ELAs, forced migrations, and traps. Here’s why we’re winning. We have the right technology. Our next-gen SIEM immediately solves one of the biggest and most costly SIEM challenges ingestion of data.

CrowdStrike data natively resides in the platform, requiring zero transportation costs, zero storage cost, and zero configuration. We have also made it easy to ingest data from third-party sources. Once the data is in the platform, users benefit from our head-turning incident workbench, providing curated alert visualization delivering on the promises of XDR like never seen before. Our next-gen SIEM is created for security users by security users, making running a cybersecurity program easier and more data-driven.

And coupled with Charlotte AI, going from an idea to action, context to conquest, and of course, detection to response is supercharged for the AI era. And our recent partner symposium in Asia and Europe, we received standing ovations with viewers commenting that next-gen SIEM is our biggest industry-changing innovation. We have the content with over 500 integrations we welcome data from all sources to call the Falcon platform home. While many competitors are closed and complicated in what data they ingest, we are open, the melting pot of cyber and IT data.

Our ecosystem is a proxy for the cybersecurity market at large. For years, we’ve collaborated closely with ISVs of all kinds from start-ups and innovators in our Falcon Fund portfolio to industry stalwarts across cybersecurity in the broader IT market. With hundreds of native vendor-specific connectors as well as a generic login gesture, bringing data into next-gen SIEM is easier and faster than ever before. And once the data is in, cybersecurity experiences are enriched with the Falcon platform illustrating alert-specific, attack surface-specific, and campaign-specific events coupled with automated response through Fusion SOAR playbooks and Charlotte AI actions.

To date, Fusion SOAR is used by 47% of our top 5,000 customers. We have created more than 135,000 custom workflows, processing more than 155 billion signals weekly to automate actions across the Falcon platform and third-party products. We have the right services, helping organizations move into their next-gen SIEM as a partner-led opportunity. Today’s SIEMs were installed, configured, and oftentimes managed by partners.

Partners see where the puck is going and have approached CrowdStrike to build their next-gen SIEM practices. These practices span data governance, data movement, dashboard configuration, and automation response creation as well as managed SIEM services. System integrators like Deloitte, EY, HCLTech as well as SIEM-specific partners like Net Builder are leading the movement with CrowdStrike as their next-gen SIEM platform of choice. Here’s an example of a noteworthy customer win.

The Global 2000 manufacturing and machine system conglomerate, with more than 100,000 employees left Splunk for LogScale Next-Gen SIEM in an eight-figure deal. Together with Accenture, we were able to successfully and swiftly migrate numerous data sources as well as ongoing SIEM management to the Falcon platform, delivering the outcome of consolidation cost savings as well as longer data retention and faster alert response times. We have the technology platform, the content, the partners, the customers, and the native data gravity to transform the SIEM market, and it’s happening right now. Outside of our cloud identity and next-gen SIEM hypergrowth businesses, new platform innovation areas are quickly taking flight.

Demand for each of these products is exceeding our expectation, driven by both the innovative nature of our technology but also secular consolidation market factors and frustration with legacy incumbents. First, data protection. Frustration with legacy DLP remains at a fever pitch or logging into these products as akin to taking a time machine back to the ’90s. In a little more than a quarter, we sold our data protection module to several hundred customers, many of which are Fortune 1000 accounts delivering results indicative of a hyper-growth start-up.

We win because we scratched the consolidation itch, delivering the compliance necessities without anything new to deploy and manage. Data protection, coupled with Flow’s DSPM are important components of our ability to natively secure AI as well. And with data becoming increasingly important for AI model development, customers want more than back in the disaster recovery for the data. Data protection is laying the groundwork for another multibillion adjacent Falcon market.

Next, Falcon for IT. The desire to move away from endpoint management point products is pronounced and exceeding our expectations. Organizations are looking to Falcon to deliver enterprise search, patching deployment, device health, and more, all from the same sensor. It’s a very logical add-on and our pipeline is already in the eight figures since shipping this module a little more than a quarter ago.

And lastly, Charlotte AI, every CISO is eager to see their employees become more productive. Every CISO wants their cybersecurity to be faster. The productivity gains are real and the benefits of making cybersecurity easier, conversational, and instant multiply the cybersecurity outcomes the Falcon platform creates. While still early, our POV close rate is close to 90% and reflecting excitement for Charlotte AI.

Despite each of these solutions areas being young in the Falcon nest, the feedback from prospects, customers, and partners show us we’re on the right path for these technologies to be meaningful growth drivers and competitive differentiators. CrowdStrike’s innovation engine is just another reason why customers have confidence in Falcon as cybersecurity’s platform consolidator for today and tomorrow. In closing, I’m excited about the consolidation CrowdStrike is driving in the market. The business results we’re delivering and most importantly, the Falcon platform’s signal impact of stopping breaches.

Over the past 12 months, our industry-leading incident responders in our partner network use Falcon to respond to thousands of breaches, cementing CrowdStrike as the industry’s incident response authority. These engagements often convert to net new Falcon customers. Delivering a Q1 like the one we’re announcing today is a strong reflection not only of the technological superiority of the Falcon platform but also of the passion, the tenacity, and the mission focused from the very best team in cybersecurity. While the talent war is ongoing, CrowdStrike remains a career destination.

Many vendors take great pride in Best Place to Work designations. I’d like to point to a figure that dimensionalizing CrowdStrike as cybersecurity is very Best Place to Work. Over the past five quarters, we received more than 687,000 applications from individuals who want to work for CrowdStrike. These professionals decided that CrowdStrike professionals decided that CrowdStrike would be the ideal venue to build a career.

In hiring low single-digit thousands of these individuals, our acceptance rate is low, a lower acceptance rate than to every Ivy League institution. It’s figures like this one that send a clear message to me, to CrowdStrikers, to customers, the partners, the prospect, to the cybersecurity community, and to the market at large, the very best talent builds the very best cybersecurity, and we have ample runway ahead of us to revolutionize, innovate and, of course, consolidate this year and well into the future. I’ll now turn the call over to Burt for our financial updates. Thank you.

Burt W. PodbereChief Financial Officer

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers, except revenue mentioned during my remarks today are non-GAAP. Additionally, the results we are reporting today include the acquisition of Flow Security, which closed during the quarter and was de minimis to revenue and ARR. CrowdStrike delivered an exceptional start to the fiscal year, driven by strong execution and increased platform adoption, as customers prioritize their cybersecurity budgets around consolidation on the Falcon platform, driving bigger deals and increased wallet share.

We have demonstrated a consistent track record of execution, profitably scaling the business to new heights. In Q1, we achieved net new ARR of $212 million up 22% year over year, bringing ending ARR to $3.65 billion, up 33% over last year. Demand in the quarter was broad-based across the platform. Our strong win rates remained consistent with the prior quarter, and we built a record Q2 pipeline.

As George discussed, the Falcon platform’s unique ability to consolidate multiple vendors along with the early success of our Falcon Flex program drove bigger consolidation deals in the quarter. Customers are embracing CrowdStrike’s platform strategy more than ever as evidenced by the number of deals with eight or more modules, which grew 95% over Q1 of last year. Subscription customers with five, six, and seven or more modules grew to 65% and 28% of subscription customers, respectively, and the number of deals involving cloud, identity, or Falcon Next-Gen SIEM modules more than doubled year over year. Additionally, our dollar-based gross and net retention rates were consistent with our expectations as we are executing well across landing, retaining, and expanding with our customers.

Moving to the P&L. Total revenue grew 33% over Q1 of last year to reach $921.0 million. Subscription revenue growth accelerated to 34% over Q1 of last year to reach $872.2 million. Professional services revenue was $48.9 million representing 18% year-over-year growth.

The geographic mix of first-quarter revenue consisted of approximately 68% from the U.S. and 32% from international geographies. Record total gross margin of 78% increased by 26 basis points year over year. Record subscription gross margin of 80% increased 32 basis points over the prior year, driven by investments in data center and workload optimization and a consistent pricing environment.

Total non-GAAP operating expenses in the first quarter were $522.5 million or 57% of revenue compared to 61% of revenue in the prior year. As planned, in Q1, we increased our pace of hiring, growing total head count by 15% year over year as we invest in scaling the business to $10 billion in ending ARR and capture the massive opportunities ahead of us. In the first quarter, non-GAAP operating income grew 72% year over year to reach $198.7 million, and operating margin increased by five percentage points year over year to reach 22%. We, once again, delivered GAAP profitability, which grew to $42.8 million, up significantly over Q1 of last year.

Non-GAAP net income attributable to CrowdStrike grew to $231.7 million or $0.93 on a diluted per-share basis. Cash and cash equivalents grew to a record $3.70 billion and free cash flow grew 42% over Q1 of last year to reach a record $322.5 million or 35% of revenue increasing to achieve a Rule of 68 on a free cash flow basis. Before I move to our outlook, I’d like to provide a few modeling notes. First, we are encouraged by the momentum we see across the business and pleased by our strong execution to start the fiscal year. While the macro environment remains challenging, the unique capabilities and data gravity of the Falcon platform, coupled with our Falcon Flex program are driving larger platform deal sizes, consistently strong win rates, and record levels of pipeline for the year.

With that in mind, we continue to maintain a consistent and prudent approach to our outlook and assumptions amid a macro environment that remains challenging. While we did not specifically guide to net new ARR, our net new ARR year-over-year growth assumptions for the second quarter of the fiscal year are at least double digits, up to the low teens. And second, we are maintaining our free cash flow margin target of 31% to 33% of revenue for the full fiscal year 2025 and expect Q1 to Q2 seasonality similar to last year. Moving to our outlook.

For the second quarter of FY ’25, we expect total revenue to be in the range of $958.3 million to $961.2 million reflecting a year-over-year growth rate of 31%. We expect non-GAAP income from operations to be in the range of $208.3 million to $210.5 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $245.7 million to $247.8 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.98 to $0.99, utilizing a weighted average share count of approximately 250 million shares on a diluted basis. We are raising our guidance for the full fiscal year 2025.

We currently expect total revenue to be in the range of $3,976.3 million to $4010.7 million, reflecting a growth rate of 30% to 31% over the prior fiscal year. Non-GAAP income from operations is expected to be between $890.1 million and $916.5 million. We expect fiscal 2025 non-GAAP net income attributable to CrowdStrike to be between $985.6 million and $1,012 million. Utilizing approximately 251 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $3.93 to $4.03.

George and I will now take your questions.

Questions & Answers:


Thank you. [Operator instructions] Please stand by while we compile the Q&A roster. And our first question comes from the line of Andrew Nowinski with Wells Fargo. Please proceed.

Andy NowinskiWells Fargo Securities — Analyst

OK. Thank you, and congrats on another amazing quarter, particularly in a tough environment where every single one of your peers has put up pretty mediocre results this quarter. So, you have so many interesting things going on with cloud and identity and SIEM. But my question will stay focused on the SIEM offering, which I think you’ve done a really nice job building out.

It clearly has a lot of advantages over the legacy vendors like Splunk and QRadar. And now, it seems like the SIEM market in general has been revitalized. So, I’m wondering, how are you thinking about the opportunity with your SIEM solution going forward? And what are the — what are you seeing in terms of Splunk and QRadar displacements, which are obviously some of the largest potential share owners? Thanks.

George KurtzCo-Founder, President, and Chief Executive Officer

Thanks, Andy. So, when we look at this market, as I’ve said in my prepared remarks, we’ve seen more movement in the last year than 10 years. And I think a lot of the various factors in play in the market, M&A, and various partnerships and the like have really contributed to a broad interest and adoption of our technology. If you look at what we’ve done and what we’ve talked about for some period of time, 80%, 85% of the data that goes into a SIEM comes from the endpoints themselves.

So, having this type of capability natively built into our platform now gives us data gravity. And we’ve got all of our customers enabled for next-gen SIEM and that’s one of the things I really want to reinforce all of our customers are now enabled. Now, it becomes a sales motion to be able to convert them into next-gen SIEM customers. And given the movement in the marketplace, we’ve got many, many customers reaching out dissatisfied with their current vendors and also interested in leveraging a completely integrated solution with the data they already have.

So, we think this is a massive, massive opportunity for us. And given what we’re doing in the space and the innovations we’re driving, particularly with AI and the data we have, we think it’s going to be a many multiyear journey of opportunity for us in a very antiquated space and one that’s ripe for disruption.


Thank you. One moment for our next question. And it comes from Saket Kalia with Barclays. Please proceed.

Saket KaliaBarclays — Analyst

OK, great. Hey, George. Hey, Burt. Thanks for taking my question here, and nice start to the year.

George KurtzCo-Founder, President, and Chief Executive Officer

Sure thing.

Saket KaliaBarclays — Analyst

George, maybe for you. You know, I thought the AWS win that you announced publicly intra-quarter was interesting. And of course, you’ve talked about them as a key customer and partner for CrowdStrike in the past. Can you just dig into how you’ve maybe expanded that relationship, particularly around cloud security? I think you referenced it a little bit in your prepared remarks, but could you maybe flesh that out a little bit? And also, touch on how that’s maybe setting CrowdStrike apart competitively in the cloud security market.

George KurtzCo-Founder, President, and Chief Executive Officer

Sure. And when we look at our cloud offerings, as we’ve talked about in the past, we’ve built an incredible portfolio of capabilities from code to cloud and everything in between, whether that’s agent-agentless entitle management, etc. So, I think it’s really reflective of what we’ve built and the technological advantages that our offerings have for our customers. When you look at someone like AWS, they’re obviously looking for the best cloud technology in the market, and we believe we have it.

And it’s fantastic to be able to continue to expand our relationship there. This was also a Falcon Flex deal. And I think, again, reflective of the fact that customers want to do more with us, they want to buy more and we’re giving them the opportunity to do this. And in fact, second, while we’re on the call, we actually just won another award Best Cloud Security Solution by SC Europe followed up by another five wins.

So, as I’ve said for many years, and you’ve heard me say it, the best architecture, the best technology starts from the beginning, and it can’t be stitched together. And I think these wins really highlight what we’ve been able to do and how we’ve been able to deliver on what we’ve built since I started the company.


Thank you. One moment for our next question, please. And it is from the line of Brian Essex with JPMorgan. Please proceed.

Brian EssexJPMorgan Chase and Company — Analyst

Hi. Good afternoon, and thank you for taking the question. And congrats from me as well on a nice set of results. George, I was wondering if you could maybe just broadly talk about the emerging products on the platform.

And now that they’re becoming meaningful in scale, I think last year, you kind of — or last quarter, you referenced that they’re each kind of IP-able segments in their own right. How often are you leading with individual solutions that are emerging solutions, whether it’s LogScale or identity or cloud versus leading with the platform and pulling some of those emerging products onto the platform? Just want to get a sense of maybe how the go-to-market might be changing there. Thank you.

George KurtzCo-Founder, President, and Chief Executive Officer

Yeah, it’s a good question. And I mean, I think in general, we’re leading with the platform, but maybe to focus in on the heart of your question, which is we have various use cases for the platform. So, we may have a customer that comes to us and says, “Hey, we’re using a legacy SIEM. We want something better.” Right? We may have a new prospect that says the same thing.

We’re using legacy SIEM, and we want to explore what CrowdStrike can offer us. We have plenty of new customers that come to us and say, “Hey, we need a better solution in our cloud because what we have is not working or doesn’t give us the full spectrum of capabilities.” So, we can land with something specific to that customer’s use case. And that’s — a lot of times they’re looking for something that they need to solve immediately. And of course, we’re selling the value of the platform.

So, whether it’s an existing customer or a new one, we’re focused on delivering the full value of the platform but solving their use cases today and into the future and obviously consolidating on what they have in place in terms of legacy. You heard some of the incredible stats and delivering more value at a lower cost.


Thank you. One moment for our next question, please. And it comes from the line of Tal Liani with Bank of America. Please proceed.

Tal LianiBank of America Merrill Lynch — Analyst

Hi, guys. Two questions. First is SBC went up 40%, and that’s on the back of 28% increase last year. That’s a material increase from previous quarters.

Can you talk about stock-based compensation? And what’s the driver for this? And then second, on the results. So, for your platform sales, total pricing is going up because you can bundle in more and more components. But does it mean for those who are selling point solutions that pricing is coming down? The fact that you and others are driving platform, does it result in individual component pricing coming down? Can you talk about the pricing environment? Thanks.

Burt W. PodbereChief Financial Officer

Thanks Tal. Hopefully, you can hear me.

Tal LianiBank of America Merrill Lynch — Analyst

I can hear you. Can you hear me?

Burt W. PodbereChief Financial Officer

Yep, I can hear you. Thanks. So, let’s talk about SBC. So, first, as I think about SBC, I think about dilution, right? SBC in and of itself really doesn’t tell you a whole lot until you get into dilution or until you look at EPS.

So, for us, dilution, as I’ve stated many times, we’re looking at around 3% for the year, and that’s well within our — in terms of our expectations. In terms of the pricing environment, the pricing environment for us is — we’re in a consistent area for ourselves. And how it impacts other point solutions, what you can see by our results, where — when people want to consolidate with us people want to actually go to one single platform, one single agent, one single console. Those are — all those things combined together, those are the things that are making us win.

So, as I think about the pricing environment, I think about an advantage to Crowd given our single platform given the fact that we have 28 modules to choose from.


Thank you. One moment for our next question, please. And it is from Hamza Fodderwala with Morgan Stanley.

Hamza FodderwalaMorgan Stanley — Analyst

Hey, everyone, good afternoon, and very solid results and a strong start to the year. George, you spoke a little bit about public sector. There was an article last month about the State Department looking to really broaden their security vendors beyond Microsoft, which you mentioned in your prepared remarks. I’m curious how is that conversation going with some of those federal agencies who are looking at CrowdStrike.

And how is the pipeline trending particularly ahead of the September fiscal year closing fed?

George KurtzCo-Founder, President, and Chief Executive Officer

Well, when we think about the federal market, obviously, the buying cycles happened mostly in the third quarter for them, but we continue to maintain our momentum and gain momentum in those areas. Many of the challenges that we’ve seen over the years from organizations outside of the public sector continue to plague the government. And when you look at the additional budget that’s being released into these governments given cybersecurity’s importance, we think we can play a meaningful part in those opportunities. So, from our perspective, we continue to gain and, I think, deliver technologies.

And now, if you look at next-gen SIEM, we think there’s a massive opportunity in the federal space for our products.


Thank you. One moment for our next question, please. And it is from the line of Matt Hedberg with RBC.

Matt HedbergRBC Capital Markets — Analyst

Great, guys. Thanks for taking my question. I offer my congrats as well. Obviously, a difficult selling environment, you guys are doing really well.

George, I had a question for you. The success you had with Charlotte AI, I think you said 90% POV close rates is great to hear. I know it’s still early, but I guess in the spirit of a customer’s overall GenAI journey, one of the things we’re hearing is that that could potentially slow down deal cycles for broader software — the broader software landscape. I’m wondering, as your customers adopt your AI platform, maybe more specifically Charlotte AI, are they seeing faster time to production for GenAI application? In other words, does it speed up a customer’s GenAI journey?

George KurtzCo-Founder, President, and Chief Executive Officer

Yes. I think what we’re seeing is that customers are really embracing the fact that we can reduce their operational workload for their stock analysts. We can take hours of mundane front work and turn it into minutes. And not only answer questions with the collective wisdom and knowledge that CrowdStrike has developed over the many years but also drive automation.

We talked about the Falcon Fusion or technology built in. So, when they look at what we’ve built and how we can save time, and how we can drive AI automation into an AI-native SoC, I think this is really important for them. And overall, I think it’s a fantastic technology. And as I mentioned, we won a few other awards, while we were on the call, we actually won Best AI category for SC Awards specific to Charlotte.

So, we’re delivering on our promises, and this is real technology in the hands of customers today.


Thank you. One moment for our next question. From Fatima Boolani with Citi. Please proceed.

Fatima BoolaniCiti — Analyst

Thank you for taking my questions. George, I’m going to ask you a very high-level question just with regards to the $10 billion ARR target. You’ve reemphasized it, you’ve reaffirmed it with a lot of confidence, and there’s a lot of reasons anticipate why that’s going to be a very likely outcome. But I wanted to ask you very specifically — what do you feel like will help your relative velocity in attaining that sort of bogey? So, frankly, what would have to go really right for that outcome to be realized within three years versus five years, appreciating that you haven’t put a time frame on it.

And I can appreciate there’s no shortage of product. You’ve seen so much momentum in Falcon Flex and a lot of the platform anecdotes that — platformization anecdotes, dare I say that, that you shared. But would love to kind of get your perspective on what could change your relative velocity to that ARR target.

George KurtzCo-Founder, President, and Chief Executive Officer

Sure. I think there’s probably two key points there, and then I’ll see if Burt wants to chime in. When we look at our ability to consolidate, and I talked about in the call, Falcon Flex, I think is a game changer for a lot of customers, buying more, buying bigger, leveraging the platform and you see velocity of adoption using Falcon Flex. So, really excited about that and what it’s going to mean for CrowdStrike.

The second piece, again, as I talked about in my prepared remarks, is that next-gen SIEM is natively built in. So, rather than sending data out somewhere else and paying for the transport costs and all the complexity around that, the bulk of the use cases and the data that’s generated that goes into a SIEM is already in the platform of choice for customers, and we see that being a meaningful opportunity for us to massive market opportunity. And then other things like data protection. I talked about that.

That is an industry or technology that’s ripe for disruption. It’s the definition of legacy. And we’ve got a fantastic product around it and combine that with Falcon for IT, leveraging the single-agent architecture to do more than just security these are all meaningful drivers for growth. Any other comments, Burt, on that?

Burt W. PodbereChief Financial Officer

Yeah. Thanks, George. So, one of the things that we talked about at Falcon was the $10 billion ARR number in five, seven years. And along with that, we give an illustrative example of some of the things that will get us other than what George just talked about in terms of TAM.

We talked about cloud being around in that same time frame, $2.5 billion to $3 billion. We talked about identity being $1 billion to $1.5 billion. We talked about next-gen SIEM being $1 billion to $1.5 billion. So, you start adding up those numbers and you get more and more confidence in terms of being able to attain that number.

That’s how we think about it internally.


Thank you. One moment for our next question, please. And it is from Gabriela Borges with Goldman Sachs. Please proceed.

Gabriela BorgesGoldman Sachs — Analyst

Hi. Good afternoon. Thank you for taking my question. George and Burt, I wanted to follow up on one of the earlier questions on AI.

And more specifically, when you talk to your customers, and they start planning out the Generative AI projects, how does that impact the type of securities plans? To what extent are you seeing scenarios where you may be seeing a pause in budget or maybe an acceleration in budget? And maybe as part of that, George, if you could just touch on, help us understand the technical differences between protecting, call it, a classic cloud workload versus a cloud workload that’s running in LLM or connecting to an LLM? Thank you.

George KurtzCo-Founder, President, and Chief Executive Officer

Sure. So, we see the opportunity growing. And a number of years ago, we talked about the cloud opportunity. We thought that was underrepresented by some of the market researchers.

And now, when we think about the proliferation of new hardware, just look at how much new hardware has been procured over the last six to eight months, right? A lot of that is going toward generative AI workloads. And you’ve seen the announcements with NVIDIA. These workloads continue to be something that needs to be secured and will be, I think, a huge opportunity for CrowdStrike, given what we’ve built and the fact that not only can we tell you what may be misconfigured but our cloud workload protection is really is a hallmark of what we do at CrowdStrike, and it’s providing real prevention capabilities into these workloads, which consistently come under attack. So, that’s the way I would look at it, as a huge opportunity for us, and we’ve spent many, many years protecting cloud workloads and we’ve adapted that into protecting Gen AI workloads.

And providing additional information on how those workloads run and how they need to be protected. So, big opportunity for us today and in the future.


Thank you. One moment for our next question, please. And it is from Alex Henderson with Needham. Please proceed.

Alex HendersonNeedham and Company — Analyst

Great. Thank you so much. You guys had an outstanding quarter here and in an environment where a lot of people are struggling. So, what I was hoping you could talk to a little bit is what you’re seeing as you’re talking to CISOs, you’re talking to CEOs, C-suite-type people about what is causing their reticence to spend short term.

I know you’re gaining share and doing well, but many aren’t. And I’m wondering if that’s a function of their challenges in figuring out how they’re going to implement AI and to what extent that’s causing a slowdown in decision-making process, or is it macro? Or alternatively, is it they are determined what they’re going to spend on and they’re shifting money away from other things, including some security and some — if you look at the results of some of the other players? So, what is exactly going on in the field right now with the decision-making process?

George KurtzCo-Founder, President, and Chief Executive Officer

Sure. Well, what we’ve seen, and Burt talked about in the prepared remarks, is that customers are looking to consolidate and save money on CrowdStrike. And at the same time, Alex, as we mentioned, it’s still a challenging macro environment. But I think the results you’re seeing from us is the fact that the consolidation technologies and platform that we’re delivering is working.

We are providing more for our customers and consolidating other spend that they have, and they’re taking that share of wallet and putting it with CrowdStrike from other vendors. And we gave you some, I think, really interesting stats around that. That’s the simple version of it. We’ve got the right technology we’ve got the ability to reduce their costs.

We’ve got a partner network, which is delivering massive value for us. And when you put it all together, yes, it’s challenging. But if you’ve got the right solution with the right offerings, we think we can be very successful. And I think the quarter that you just saw is reflective of what we’ve been saying for a long time and what we delivered.


Thank you. One moment for our last question in queue. And it comes from the line of John DiFucci with Guggenheim Securities.

John DiFucciGuggenheim Partners — Analyst

Thanks. Thanks for taking my question. So, George, you and your team have put a consistency in numbers. We just haven’t seen from anyone over what’s been described as a challenging IT spending environment, and I’m talking about the last couple of years, especially this quarter, I think we understand how early on you expanded the definition and the scope of the market you address.

And also, more recently, you did something similar in broadening your market influence to customers of all sizes. But if the backdrop remains the same at least for the rest of this year and it doesn’t get better like a lot of people thought it would at the beginning of the year, is it more of the same for you? Or are there other levers that you can or need to pull to continue to put up the impressive numbers that you have?

George KurtzCo-Founder, President, and Chief Executive Officer

Sure. So, thanks, John. I think you said it right. Burt and I and the rest of the team focus on consistency and delivering value to our customers.

If we can provide the right technology and solve use cases and more importantly, listen to them, if you look at Falcon Flex, which I talked about, which we’re really excited and I know is going to continue to drive results for us. That was an outcome of listening to our customers. We actually worked with several customers on putting that together. Buying it, how they want it, the way they want it, reducing friction in the procurement cycle.

So, that’s what we’re going to focus on. And I think I’ll leave you with if we take care of the customer, the rest takes care of itself, and that’s, again, a hallmark of what we try to do at CrowdStrike and what Burt and I are focused on every day.


And thank you. With that, I will conclude the Q&A session, and we’ll pass it back to George Kurtz for his final comments.

George KurtzCo-Founder, President, and Chief Executive Officer

Thank you so much for joining our call, and we look forward to seeing you next quarter. Be safe.


[Operator signoff]

Duration: 0 minutes

Call participants:

Maria RileyVice President, Investor Relations

George KurtzCo-Founder, President, and Chief Executive Officer

Burt W. PodbereChief Financial Officer

Andy NowinskiWells Fargo Securities — Analyst

Saket KaliaBarclays — Analyst

Brian EssexJPMorgan Chase and Company — Analyst

Tal LianiBank of America Merrill Lynch — Analyst

Burt PodbereChief Financial Officer

Hamza FodderwalaMorgan Stanley — Analyst

Matt HedbergRBC Capital Markets — Analyst

Fatima BoolaniCiti — Analyst

Gabriela BorgesGoldman Sachs — Analyst

Alex HendersonNeedham and Company — Analyst

John DiFucciGuggenheim Partners — Analyst

More CRWD analysis

All earnings call transcripts

Source link

About The Author

Scroll to Top