CrowdStrike Holdings Inc
NASDAQ:CRWD

Watchlist Manager
CrowdStrike Holdings Inc Logo
CrowdStrike Holdings Inc
NASDAQ:CRWD
Watchlist
Price: 344.36 USD -1.01% Market Closed
Market Cap: 84.4B USD
Have any thoughts about
CrowdStrike Holdings Inc?
Write Note

Earnings Call Analysis

Q1-2025 Analysis
CrowdStrike Holdings Inc

CrowdStrike Reports Record First Quarter 2025

CrowdStrike started fiscal 2025 with strong momentum, delivering record Q1 net new ARR of $212 million, up 22% year-over-year, and ending ARR of $3.65 billion, up 33%. Subscription gross margin exceeded 80%, and free cash flow hit $322 million, 35% of revenue. The company maintained GAAP profitability for the fifth consecutive quarter. CrowdStrike raised its full fiscal year 2025 revenue guidance to $3.98 billion to $4.01 billion, reflecting 30-31% growth. Non-GAAP net income is expected to be $985.6 million to $1.012 billion, or $3.93 to $4.03 per share. The Falcon platform's consolidation capabilities and AI innovations continue to drive exceptional customer adoption and efficiency improvements.

Strong Start with Record Numbers

CrowdStrike kicked off fiscal year 2025 with impressive momentum, significantly outperforming its projected metrics. The company set several records in Q1: net new annual recurring revenue (ARR) reached $212 million, marking a 22% year-over-year increase. The total ending ARR soared to $3.65 billion, up 33%. This performance underscores the broad acceptance and demand for CrowdStrike’s AI-powered Falcon platform, which is consolidating the cybersecurity market.

Exceptional Growth in Subscription and Free Cash Flow

Subscription revenue grew by an impressive 34% year-over-year, totaling $872.2 million. This strong subscription growth contributed to a record subscription gross margin of over 80%. Free cash flow also hit a record, increasing 42% from the previous year to $322 million, which is 35% of revenue. These numbers highlight CrowdStrike’s ability to generate substantial cash, providing the financial muscle to invest further in innovation and growth.

Operational Efficiency and Profitability

CrowdStrike exhibited strong operational leverage, with non-GAAP operating income soaring 72% year-over-year to $198.7 million. The operating margin also improved by 5 percentage points, reaching 22%. The company achieved its fifth consecutive quarter of GAAP profitability, with GAAP net income rising significantly to $42.8 million. This profitability is notable given the company's concurrent investments in growth areas such as sales capacity and market-leading innovation.

Platform Consolidation Driving Customer Adoption

A key driver behind CrowdStrike’s success is its Falcon platform, which consolidates various cybersecurity functions into a single AI-powered solution. Customers are increasingly adopting more modules: deals involving cloud, identity, or Falcon Next-Gen SIEM modules more than doubled year-over-year. The number of customers using eight or more modules grew by 95%, showcasing the platform’s appeal in simplifying and enhancing cybersecurity operations.

Prudent and Optimistic Guidance

Despite the challenging macroeconomic environment, CrowdStrike maintains a prudent and consistent outlook. For Q2 FY 2025, the company projects revenue between $958.3 million and $961.2 million, reflecting a 31% year-over-year growth. Non-GAAP operating income is expected to range from $208.3 million to $210.5 million. For the full fiscal year, CrowdStrike has raised its guidance, now expecting total revenue between $3.976 billion and $4.010 billion, marking a growth rate of 30% to 31%.

Strategic Initiatives and Future Outlook

CrowdStrike continues to focus on innovation and strategic initiatives, such as the FalconFlex program, which simplifies procurement and enhances platform adoption. This initiative alone has resulted in over $500 million in deal value in three quarters. The company is also poised to capitalize on evolving market trends, such as cloud and AI workloads. With a robust pipeline and ongoing investments in talent and technology, CrowdStrike is well-positioned to achieve its long-term goal of reaching $10 billion in ending ARR.

Earnings Call Transcript

Earnings Call Transcript
2025-Q1

from 0
Operator

Good day, everyone, and thank you for standing by. Welcome to CrowdStrike Fiscal First Quarter 2025 Results Conference Call. [Operator Instructions] Please be advised that today's conference is being recorded.

I would now like to hand it over to the Vice President of Investor Relations, Maria Riley. Please go ahead.

M
Maria Riley
executive

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer.

Before we get started, I would like to note that certain statements made during this call that are not historical facts, including those regarding our future plans, objectives, growth, including projections and expected performance, including our outlook for the second quarter and fiscal year 2025 and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995.

These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise.

Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's Quarterly and Annual Reports.

Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today.

With that, I will now turn the call over to George.

George Kurtz
executive

Thank you, Maria, and thank you all for joining us for our first earnings call of fiscal year 2025. We start the year from a position of momentum and exceptional strength, outperforming our guided metrics. Our AI native platform wins at scale every geography, every market segment and every solution area.

CrowdStrike delivered a record Q1. Record Q1 net new ARR of $212 million, growing 22% year-over-year. Record ending ARR of $3.65 billion, growing 33% year-over-year. Record subscription gross margin of over 80% and record free cash flow of $322 million, reaching 35% of revenue and a free cash flow Rule of 68 making us the only cybersecurity vendor of scale delivering this level of growth and profitability.

We achieved all of these records while closely managing every P&L line delivering significant year-over-year operating leverage and our fifth consecutive quarter of GAAP profitability. Even as we continue investing in growth, we're adding sales capacity, investing in our market-leading brand and accelerating innovation while firmly on the path to $10 billion in ending ARR.

The foundational theme underpinning CrowdStrike's results is the power of the Falcon platform to consolidate cybersecurity at scale. This is coupled with the market's unequivocal desire for a single AI-powered software platform consolidator. We're landing with more modules than ever before. The number of deals involving cloud, identity or Falcon Next-Gen SIEM modules more than doubled year-over-year, and we're closing some of our largest deals ever.

We're consistently hearing that customers want to partner with us as they consolidate, standardizing their cybersecurity future on the Falcon platform and investing their trust in CrowdStrike as cybersecurities North Star. Let me explain why.

We built the right architecture from the start, the industry's lightest weight, easiest to install sensor embedded with AI, no system reboot required a single AI native platform console, not disparate stitch together or siloed multi-platforms. Our architecture built from the start, with what I refer to as gold plated plumbing, allows the Falcon platform to gracefully land, retrieve data once and then slight infinite security, IT, data and compliance capabilities without any friction.

This is the definition of a true platform, and our platform strategy from inception continues to deliver the results, [indiscernible] with 8-plus modules grew 95% year-over-year. Our 28 modules are best-in-class on a stand-alone basis as rated by applicable leading industry analysts, yet combined and natively built into single Falcon platform, our solution modules work even better together, unlocking customer value characteristics of a virtuous flywheel. The sum of platform adoption is even greater than the individual parts.

The Falcon platform's differentiated architecture creates a technological competitive moat around our ability to be cybersecurity's premier platform consolidator. This is something you can't acquire or fix later. You must build it right from the start.

Our platform architecture delivers the following unique customer outcomes. Through consolidation, the Falcon platform delivers faster and more effective cybersecurity than ever before, our AI native platform is consistently evolving to close the gap between detection and response, compressing alert to resolution time scales from days and hours to seconds and real time.

And now with Charlotte AI, customers are experiencing more platform utility at faster speeds, shrinking hours of their security work days into minutes. [indiscernible] hunting is supercharged, response and remediation are revolutionized. The AI-powered stock is no longer a vision, it's a reality. We stand out in our ability to secure diverse attack services with the industry's highest protection levels, spanning cloud, data, device, identity, third-party sources and beyond, natively alerting in one place and automatically responding across the platform at machine speed. There's no console, hide-and-go-seek, no separate platforms with their own UI languages, no multi-agent bloat and no stitch data silos.

Through consolidation, the Falcon platform delivers extreme cost savings, the more modules customers adopt, the more cost savings they realize. The Falcon platform consolidates point and pseudo platform vendors across point cloud security fragments like CWP, CSPM, ASPM, ESPM and CIEM products, identity protection, SIEM, threat intel feeds, data protection and VLP, vulnerability management, attack service management, compliance, endpoint management suite and legacy AV and next-gen AV and EDR.

As an industry, organizations are buying many promises, Unfortunately, they are left with wasteful shelfware, point product learning curves and features that fail to deliver end-to-end outcomes. The long-time cybersecurity adage of defense and depth has led to a new phenomenon, expensive depth consolidating on the Falcon platform reverses the ever-increasing cost curve. A recent IDC report quantifies CrowdStrike extreme cost savings for every dollar invested in Falcon Solutions, our customers recognize $6 of cost savings. Our customers came to us asking for new ways to adopt the Falcon platform even faster.

Instead of acquiring Falcon module by module, we developed the Falcon Flex subscription model. Falcon Flex customers enjoy the best prices for the products they want today and tomorrow while eliminating procurement and legal cycles for module use. The outcome for CrowdStrike is even broader platform adoption. Unlike vendors who pedal wasteful ELAs, our customers utilize what they purchase because when you buy what you want and need, when you want to need it, utilization is natural. We're not reclassifying, recounting or repositioning existing business to [indiscernible] perceived platform value. When a platform delivers real value, you don't have to give it away.

In the 3 quarters since we've built the Falcon Flex program, the customers who have subscribed to this new licensing model represent over $500 million in deal value, growing our share of customer wallet while consolidating and simplifying their security. Applying IDC's analysis would imply Falcon Flex has assisted customers in saving more than $3 billion that would have been spent on other products. Now that extreme cost savings and indicative of the platform momentum we are seeing with new and existing customers.

Through consolidation, the Falcon platform delivers innovation to solve tomorrow's cybersecurity as well as broader IP and data problems. Our position of cybersecurity consolidation platform keeps CrowdStrike innovating to lead the industry forward. This focus has allowed us to ship game-changing products at rapid pace.

Within months of our Bionic acquisition, we fully integrated ASPM into our Falcon Cloud Security Suite. Over the past few months, we brought our LogScale Next-Gen SIEM into the console of all of our customers, feeding their utilization of Falcon to replace legacy SIEMs. And more recently, following yet another major Microsoft breach in CIS' Cyber Safety Review Board's findings, we received an outpouring of request from the market for help. We decided enough is enough, there's a widespread crisis of confidence among security and IT teams within the Microsoft security customer base.

At the request of organizations saddled with Microsoft E5 licensing, we delivered Falcon for Defender, a platform on ramp to help organizations of all sizes start utilizing Falcon to secure their Microsoft Defender usage. Falcon for Defender is delivered via the CrowdStrike sensor encompassing our industry-leading OverWatch threat hunting services as well as mission-critical reporting to help security teams do their job.

With Falcon for Defender organizations using Microsoft now have what we call V-Squared, validation and verification, a missing third-party protection layer for their security programs. And with our sensor already deployed on customer systems, we're dropping anchor on the beachfront real estate to not only transform cybersecurity but also stop breaches. Feedback has been overwhelmingly positive. CISAs now have the ability to reduce monoculture risk from only using Microsoft products and cloud services.

Our innovation continues at breakneck pace multiplying the reasons for the market to consolidate on Falcon. Thousands of organizations are consolidating on the Falcon platform. There are a few that stood out from the quarter. A 7-figure deal in a Fortune 100 health care company who is using Microsoft and experienced a breach. Our industry-leading IR team deployed more than 46,000 sensors in days, stopping the adversary, restarting business and importantly, keeping this business out of promotional vendor fanfare. This customer immediately adopted Falcon Complete Identity, Falcon Cloud Security, LogScale Next-Gen SIEM and Charlotte AI.

In addition to removing Microsoft security products, they were able to move off their vulnerability management vendor and their legacy SIEM-2. The consolidation outcome a 75% reduction in agent footprint by consolidating to our single agent and a 700% improvement in mean time to detect and respond taking average alert triage times from 4-plus hours down to minutes. We stopped the breach, displacing more than 3 vendors along the way, and now this customer experiences not only lower TCO, but also cybersecurity outcomes they hadn't thought possible.

A 7-figure deal in a large Middle Eastern power and utilities provider that experienced many incidents using a regional point product endpoint vendor. These incidents were each preventable with the Falcon platform's AI defenses. Standardizing the Falcon platform, this customer adopted CrowdStrike for endpoint, identity, cloud and Next-Gen SIEM, consolidating 5 security vendors down to just one in a few short months during the deal cycle.

Lastly, our focus on solving cybersecurity and IT use cases inspired a multinational services customer headquartered in Japan to consolidate on the CrowdStrike in a 7-figure expansion deal, acquiring 4 additional modules, they successfully eliminated TM, a legacy AV vendor and their vulnerability management provider. This deal illustrates existing customers taking the opportunity to further consolidate on Falcon beyond just security.

We have the platform, data gravity and trust to make consolidation turn key for security and IT teams alike. These deals highlight the tempo and scale of Falcon consolidation. It's not on a PowerPoint slide, it's inside a single console with a single sensor and delivered on a single platform. What we see are prospects and customers using consolidation as an opportunity to transform trading expense and depth for cybersecurity that's better, faster and more cost-effective. Consolidation isn't just a phenomenon happening with end customers. It's also a priority embraced and prioritized by our partners, too.

In our MSSP business, one of our fastest-growing segments, partners are coming to us to migrate their customers off legacy and substandard point products as well as multi-platform vendors. In a large 7-figure deal eSentire, and industry-leading MSSP selected the Falcon platform to migrate hundreds of Carbon Black customers in mass, representing an excess of nearly 0.5 million endpoints. This is a prime example of an industry-leading MDR that developed their own award-winning services on the Falcon platform, consolidating on CrowdStrike.

In our expanded partnership with Mandiant and Google Cloud announced at the RSA conference, Mandiant is migrating its Mandiant Managed Defense MDR customers to the Falcon platform. Recognizing our market leadership and the need to deliver services on the best technology platform, CrowdStrike is the natural choice to migrate their customers off legacy AV and other point products.

In our channel ecosystem at large, we're seeing partners deprioritizing other vendors on their line cards to consolidate their time, head count and go-to-market focus on CrowdStrike. Our top 50 partners in every geo are growing and telling us they're doing less and less with other vendors, instead increasing their focus and business results on Falcon. Partners are a key driver of market consolidation, both representing our technology to their end customers and also consolidating their efforts away from anecdotal declining point feature vendors.

The power to consolidate on a single platform requires having the right technologies at the right time, delivered on the right platform. Our investments in hyper-growth solution businesses continue to deliver market-leading capabilities and record results.

Here's our Q1 color on cloud security, identity protection and LogScale Next-Gen SIEM as well as several platform innovation areas. Cloud utilization is reaching unprecedented highs. This is largely driven by the AI revolution of the past few quarters. Today, every company is or is quickly becoming an AI company. Every CISO, CIO and Board member, I speak with is experimenting with using AI in new ways. We all know that AI is transformative, and this transformation is happening in public and private clouds. The cloud is foundational technology for building AI models, operationalizing AI and integrating AI into existing technologies. The only way to safely harness the transformative nature of AI is through best-in-class security that operates at the speed and scale of AI built natively with AI with CrowdStrike.

As hyperscalers print remarkable results, as NVIDIA continues to amaze and as AI hardware spend reaches Gold Rush levels, estimated to be north of $60 billion in the last 12 months, CrowdStrike is at the epicenter of securing the workloads driving the AI revolution for the next conversation.

Jensen Huang, Founder and CEO of NVIDIA, recently validated this, stating in our Q1 partnership announcement that quote, "pairing NVIDIA accelerated computing and Generative AI with CrowdStrike cybersecurity can give enterprises unprecedented visibility and to threats to help them better protect their businesses". And this is why industry leaders across every vertical, including the GenAI companies themselves, are choosing Falcon Cloud Security to secure their heterogeneous cloud environment, consolidating multiple point products on the Falcon platform.

Here is a lighthouse example. One of the world's leading hyperscalers grew their adoption of the Falcon platform, standardizing on the Falcon cloud security in an 8-figure deal. In a public press release, this customer and partner extolled the unified nature of our security platform and their ability to consolidate multiple cloud security point products on Falcon cloud security.

Our joint go-to-market partnership has evolved to focus on Falcon Cloud security where CrowdStrike rises above other vendors to enable secure cloud consumption. Driving our cloud security customer wins is the market embracing our runtime centric cloud detection and response vision that focuses on real-time cloud visibility and protection, offering features like cloud attack path analysis, API-based side scanning and most recently integrated ASPM and CVR, sets us apart as the only solution in the market that spans code application to the infrastructure on which everything runs.

Our latest acquisition of Flow furthers our competitive moat, adding in the industry's only runtime DSPM, securing data both at rest and in motion. Falcon Cloud Security has surpassed a garden of unicorns, decacorns and legacy vendors as one of the largest cloud security businesses in the market. As of Q1, Falcon has been selected by 62 of the Fortune 100 as their cloud security provider of choice.

CrowdStrike pioneered the creation of the Identity detection and response category. Our identity protection module continues to be the only single agent solution on the market, giving us a major competitive advantage. Our active directory expertise has evolved to now support increasingly popular cloud identity solutions such as Microsoft Entra ID, formerly known as Azure AD, giving us the ability to support diverse customers wherever their identities reside.

Our sustained focus on identity protection continues to pay dividends, not only winning deals, but also with industry analysts, where CrowdStrike was named the Overall Leader in KuppingerCole's inaugural ITDR Compass. A key customer went from the quarter includes, a 7-figure deal with a large health care provider who is stuck in a Broadcom contract and increasingly being pushed towards a multi-platform hardware providers patchwork products. Our Identity Threat Protection module was a game changer for this customer, deploying us to more than 100,000 devices and allowing us to replace these other 2 vendors. Identity protection led to an 85% better mean time to respond for identity-based attacks and motivated this customers significant cyber transformation.

One of the solution areas I'm most excited about is our LogScale Next-Gen SIEM business. There's certainly no shortage of market activity in the SIEM space where consolidation is a foot with M&A activity impacting Splunk and more recently, Exabeam and QRadar, more happened in the SIM market over the past few months than in decades. In the wake of this consolidation, the demand environment is right. Each of these consolidation moves create immediate opportunity zones. Organizations are iconic classically questioning their legacy SIEM choices and looking for new, better and more cost-effective ways to run their stock in the AI era.

With CrowdStrike representing more than 80% of the data going into today's SIEM, we are naturally placed to disrupt consolidate and chart the future of the SIEM market. This is because our LogScale Next-Gen SIEM is already natively in the Falcon platform, already ingesting, visualizing and actioning all first-party CrowdStrike data for all of our customers.

While other vendors must buy their way into this market, acquiring legacy technology, our flag is already firmly planted and flying. Our goal is to win the hearts and minds of customers through superior technology and outcomes, not ELAs, forced migrations and traps.

Here's why we're winning. We have the right technology. Our Next-Gen SIEM immediately solves one of the biggest and most costly SIEM challenges ingestion of data. CrowdStrike data natively resides in the platform, requiring 0 transportation costs, 0 storage cost and 0 configuration. We have also made it easy to ingest data from third-party sources. Once the data is in the platform, users benefit from our head-turning incident workbench, providing curated alert visualization delivering on the promises of XDR like never seen before.

Our Next-Gen SIEM is created for security users by security users, making running a cybersecurity program easier and more data driven. And coupled with Charlotte AI, going from an idea to action, context to conquest and of course, detection to response is supercharged for the AI era.

And our recent partner symposium in Asia and Europe, we received standing ovations with viewers commenting that Next-Gen SIEM is our biggest industry-changing innovation. We have the content with over 500 integrations we welcome data from all sources to call the Falcon platform home. While many competitors are closed and complicated in what data they ingest, we are open, the melting pot of cyber and IT data. Our ecosystem is a proxy for the cybersecurity market at large.

For years, we've collaborated closely with ISVs of all kinds from start-ups and innovators in our Falcon Fund portfolio to industry stalwarts across cybersecurity in the broader IT market. With hundreds of native vendor-specific connectors as well as a generic log in gesture, bringing data into Next-Gen SIEM is easier and faster than ever before. And once the data is in, cybersecurity experiences are enriched with the Falcon platform illustrating alert specific, attack surface specific and campaign-specific events coupled with automated response through Fusion SOAR playbooks and Charlotte AI actions.

To date, Fusion SOAR is used by 47% of our top 5,000 customers we have created more than 135,000 custom workflows, processing more than 155 billion signals weekly to automate actions across the Falcon platform and third-party products. We have the right services, helping organizations move into their Next-Gen SIEM as a partner-led opportunity.

Today's SIEMs were installed, configured, and oftentimes managed by partners. Partners see where the puck is going and have approached CrowdStrike to build their Next-Gen SIEM practices. These practices span data governance, data movement, dashboard configuration and automation response creation as well as managed SIEM services. System integrators like Deloitte, EY, HCLTech as well as SIEM specific partners like Net Builder are leading the movement with CrowdStrike as their Next-Gen SIEM platform of choice.

Here's an example of a noteworthy customer win. The Global 2000 manufacturing and machine system conglomerate, with more than 100,000 employees left Splunk for LogScale Next-Gen SIEM in an 8-figure deal. Together with Accenture, we were able to successfully and swiftly migrate numerous data sources as well as ongoing SIEM management to the Falcon platform, delivering the outcome of consolidation cost savings as well as longer data retention and faster alert response times.

We have the technology platform, the content, the partners, the customers and the native data gravity to transform the SIEM market, and it's happening right now. Outside of our cloud identity and Next-Gen SIEM hypergrowth businesses, new platform innovation areas are quickly taking flight. Demand for each of these products is exceeding our expectation driven by both the innovative nature of our technology, but also secular consolidation market factors and frustration with legacy incumbents.

First, data protection. Frustration with legacy DLP remains at a fever pitch or logging into these products as akin to taking a time machine back to the '90s. In a little more than a quarter, we sold our data protection module to several hundred customers many of which are Fortune 1000 accounts delivering results indicative of a hyper-growth startup. We win because we scratched the consolidation itch delivering the compliance necessities without anything new to deploy and manage.

Data protection, coupled with Flow's DSPM are important components of our ability to natively secure AI as well. And with data becoming increasingly important for AI model development, customers want more than back in the disaster recovery for the data. Data protection is laying the groundwork for another multibillion adjacent Falcon market.

Next, Falcon for IT. The desire to move away from endpoint management point products is pronounced and exceeding our expectations. Organizations are looking to Falcon to deliver enterprise search, patching deployment, device health and more, all from the same sensor. It's a very logical add-on and our pipeline is already in the 8 figures since shipping this module a little more than a quarter ago.

And lastly, Charlotte AI, every CISO is eager to see their employees become more productive. Every CISO wants their cybersecurity to be faster. The productivity gains are real and the benefits of making cybersecurity easier, conversational and instant multiply the cybersecurity outcomes the Falcon platform creates.

While still early, our POV close rate is close to 90% and reflecting excitement for Charlotte AI. Despite each of these solutions areas being young in the Falcon nest, the feedback from prospects, customers and partners show us we're on the right path for these technologies to be meaningful growth drivers and competitive differentiators. CrowdStrike's innovation engine is just another reason why customers have confidence in Falcon as cybersecurities platform consolidator for today and tomorrow.

In closing, I'm excited about the consolidation CrowdStrike is driving in the market. The business results we're delivering and most importantly, the Falcon platform's signal impact of stopping breaches. Over the past 12 months, our industry-leading incident responders in our partner network use Falcon to respond to thousands of breaches, [indiscernible] CrowdStrike as the industry's incident response authority. These engagements often convert to net new Falcon customers.

Delivering a Q1 like the one we're announcing today is a strong reflection not only of the technological superiority of the Falcon platform, but also of the passion, the tenacity and the mission focused from the very best team in cybersecurity. While the talent war is ongoing, CrowdStrike remains a career destination. Many vendors take great pride in Best Place to Work designation.

I'd like to point to a figure that dimensionalizing CrowdStrike as cybersecurity is very Best Place to Work. Over the past 5 quarters, we received more than 687,000 applications from individuals who want to work for CrowdStrike. These professionals decided that CrowdStrike professionals decided that CrowdStrike would be the ideal venue to build a career. In hiring low single-digit thousands of these individuals, our acceptance rate is low, a lower acceptance rate than to every Ivy League institution. It's figures like this one that send a clear message to me to CrowdStrikers, to customers, the partners, the prospect, to the cybersecurity community and to the market at large, the very best talent builds the very best cybersecurity and we have ample runway ahead of us to revolutionize, innovate and, of course, consolidate this year and well into the future.

I'll now turn the call over to Burt for our financial updates. Thank you.

Burt Podbere
executive

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers, except revenue mentioned during my remarks today are non-GAAP. Additionally, the results we are reporting today include the acquisition of Flow Security, which closed during the quarter and was de minimis to revenue and ARR.

CrowdStrike delivered an exceptional start to the fiscal year, driven by strong execution and increased platform adoption, as customers prioritize their cybersecurity budgets around consolidation on the Falcon platform, driving bigger deals and increased wallet share. We have demonstrated a consistent track record of execution, profitably scaling the business to new heights.

In Q1, we achieved net new ARR of $212 million up 22% year-over-year, bringing ending ARR to $3.65 billion, up 33% over last year. Demand in the quarter was broad-based across the platform. Our strong win rates remained consistent with the prior quarter, and we built a record Q2 pipeline.

As George discussed, the Falcon platform's unique ability to consolidate multiple vendors along with the early success of our FalconFlex program drove bigger consolidation deals in the quarter. Customers are embracing CrowdStrike's platform strategy more than ever as evidenced by the number of deals with 8 or more modules, which grew 95% over Q1 of last year. Subscription customers with 5, 6 and 7 or more modules, grew to 65 and 28% of subscription customers, respectively, and the number of deals involving cloud, identity or Falcon Next-Gen SIEM modules, more than doubled year-over-year.

Additionally, our dollar-based gross and net retention rates were consistent with our expectations as we are executing well across landing, retaining and expanding with our customers.

Moving to the P&L. Total revenue grew 33% over Q1 of last year to reach $921.0 million. Subscription revenue growth accelerated to 34% over Q1 of last year to reach $872.2 million. Professional services revenue was $48.9 million representing 18% year-over-year growth. The geographic mix of first quarter revenue consisted of approximately 68% from the U.S. and 32% from international geographies.

Record total gross margin of 78% increased by 26 basis points year-over-year. Record subscription gross margin of 80% increased 32 basis points over the prior year, driven by investments in data center and workload optimization and a consistent pricing environment.

Total non-GAAP operating expenses in the first quarter were $522.5 million or 57% of revenue compared to 61% of revenue in the prior year. As planned, in Q1, we increased our pace of hiring, growing total head count by 15% year-over-year as we invest in scaling the business to $10 billion in ending ARR and capture the massive opportunities ahead of us. In the first quarter, non-GAAP operating income grew 72% year-over-year to reach $198.7 million, and operating margin increased by 5 percentage points year-over-year to reach 22%.

We, once again, delivered GAAP profitability, which grew to $42.8 million up significantly over Q1 of last year. Non-GAAP net income attributable to CrowdStrike grew to $231.7 million or $0.93 on a diluted per share basis. Cash and cash equivalents grew to a record $3.70 billion and free cash flow grew 42% over Q1 of last year to reach a record $322.5 million or 35% of revenue increasing to achieve a Rule of 68 on a free cash flow basis.

Before I move to our outlook, I'd like to provide a few modeling notes. First, we are encouraged by the momentum we see across the business and pleased by our strong execution to start the fiscal year. While the macro environment remains challenging, the unique capabilities and data gravity of the Falcon platform, coupled with our FalconFlex program are driving larger platform deal sizes, consistently strong win rates and record levels of pipeline for the year.

With that in mind, we continue to maintain a consistent and prudent approach to our outlook and assumptions amid a macro environment that remains challenging. While we did not specifically guide to net new ARR, our net new ARR year-over-year growth assumptions for the second quarter of the fiscal year are at least double digits, up to the low teens.

And second, we are maintaining our free cash flow margin target of 31% to 33% of revenue for the full fiscal year 2025 and expect Q1 to Q2 seasonality similar to last year.

Moving to our outlook. For the second quarter of FY '25, we expect total revenue to be in the range of $958.3 million to $961.2 million reflecting a year-over-year growth rate of 31%. We expect non-GAAP income from operations to be in the range of $208.3 million to $210.5 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $245.7 million to $247.8 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.98 to $0.99, utilizing a weighted average share count of approximately 250 million shares on a diluted basis.

We are raising our guidance for the full fiscal year 2025. We currently expect total revenue to be in the range of $3,976.3 million to $4010.7 million, reflecting a growth rate of 30% to 31% over the prior fiscal year.

Non-GAAP income from operations is expected to be between $890.1 million and $916.5 million. We expect fiscal 2025 non-GAAP net income attributable to CrowdStrike to be between $985.6 million and $1,012 million. Utilizing approximately 251 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $3.93 to $4.03.

George and I will now take your questions.

Operator

[Operator Instructions] And our first question comes from the line of Andrew Nowinski with Wells Fargo.

A
Andrew Nowinski
analyst

And congrats on another amazing quarter, particularly in a tough environment where every single one of your peers has put up pretty mediocre results this quarter. So you have so many interesting things going on with cloud and identity and SIEM. But my question will stay focused on the SIEM offering, which I think you've done a really nice job building out. It clearly has a lot of advantages over the legacy vendors like Splunk and QRadar. And now it seems like the SIEM market in general has been revitalized.

So I'm wondering, how are you thinking about the opportunity with your SIEM solution going forward? And what are the -- what are you seeing in terms of Splunk and QRadar displacements, which are obviously some of the largest potential shared owners?

George Kurtz
executive

Thanks, Andy. So when we look at this market, as I've said in my prepared remarks, we've seen more movement in the last year than 10 years. And I think a lot of the various factors in play in the market, M&A and various partnerships and the like have really contributed to a broad interest and adoption of our technology. If you look at what we've done and what we've talked about for some period of time, 80%, 85% of the data that goes into a SIEM comes from the endpoints themselves. So having this type of capability natively built into our platform now gives us data gravity. And we've got all of our customers enabled for Next-Gen SIEM and that's one of the things I really want to reinforce all of our customers are now enabled.

Now it becomes a sales motion to be able to convert them into Next-Gen SIEM customers. And given the movement in the marketplace, we've got many, many customers reaching out dissatisfied with their current vendors and also interested in leveraging a completely integrated solution with the data they already have.

So we think this is a massive, massive opportunity for us. And given what we're doing in the space and the innovations we're driving, particularly with AI and the data we have. we think it's going to be a many multiyear journey of opportunity for us in a very antiquated space and one that's right for disruption.

Operator

And it comes from Saket Kalia with Barclays.

U
Unknown Analyst

George, maybe for you. I thought the AWS win that you announced publicly intra-quarter was interesting. And of course, you've talked about them as a key customer and partner for CrowdStrike in the past. Can you just dig into how you've maybe expanded that relationship particularly around cloud security. I think you referenced it a little bit in your prepared remarks, but could you maybe flesh that out a little bit? And also touch on how that's maybe setting CrowdStrike apart competitively in the cloud security market?

George Kurtz
executive

Sure. And when we look at our cloud offerings, as we've talked about in the past, we've built an incredible portfolio of capabilities from code to cloud and everything in between, whether that's agent-agentless entitle management, et cetera. So I think it's really reflective of what we've built and the technological advantages that our offerings have for our customers.

When you look at someone like AWS, they're obviously looking for the best cloud technology in the market, and we believe we have it. And it's fantastic to be able to to continue to expand our relationship there. This was also a FalconFlex deal. And I think, again, reflective of the fact that customers want to do more with us, they want to buy more and we're giving them the opportunity to do this.

And in fact, second, while we're on the call, we actually just won another award Best Cloud Security Solution by SC Europe followed up by another 5 wins. So as I've said for many years, and you've heard me say it, the best architecture, the best technology starts from the beginning, and it can't be stitched together. And I think these wins really highlight what we've been able to do and how we've been able to deliver on what we've built since I started the company.

Operator

And is from the line of Brian Essex with JPMorgan.

B
Brian Essex
analyst

Congrats from me as well on a nice set of results. George, I was wondering if you could maybe just broadly talk about the emerging products on the platform. And now that they're becoming meaningful in scale, I think last year, you kind of -- or last quarter, you referenced that they're each kind of IP-able segments in their own right. How often are you leading with individual solutions that are emerging solutions, whether it's LogScale or identity or cloud versus of leading with the platform and pulling some of those emerging products onto the platform. Just want to get a sense of maybe how the go-to-market might be changing there.

George Kurtz
executive

Yes, it's a good question. And I mean, I think in general, we're leading with the platform, but maybe to focus in on the heart of your question, which is we have various use cases for the platform. So we may have a customer that comes to us and says, "Hey, we're using a legacy SIEM. We want something better". Right. We may have a new prospect that says the same thing. We're using legacy SIEM and we want to explore what CrowdStrike can offer us. We have plenty of new customers that come to us and say, "Hey, we need a better solution in our cloud because what we have is not working or doesn't give us the full spectrum of capabilities".

So we can land with something specific to that customer's use case. And that's -- a lot of times they're looking for something that they need to solve immediately. And of course, we're selling the value of the platform. So whether it's an existing customer or a new one, we're focused on delivering the full value of the platform but solving their use cases today and into the future and obviously consolidating on what they have in place in terms of legacy. You heard some of the incredible stats and delivering more value at a lower cost.

Operator

And it comes from the line of Tal Liani with Bank of America.

T
Tal Liani
analyst

Two questions. First is, SBC went up 40%, and that's on the back of 28% increase last year. that's a material increase from previous quarters. Can you talk about stock-based compensation? And what's the driver for this?

And then second, on the results. The -- so for your platform sales, total pricing is going up because you can bundle in more and more components. But does it mean for those who are selling point solutions that pricing is coming down. The fact that you and others are driving platform, does it result in individual component pricing coming down? Can you talk about the pricing environment?

Burt Podbere
executive

Thanks Tal. Hopefully, you can hear me.

T
Tal Liani
analyst

I can hear you. Can you hear me?

Burt Podbere
executive

Yes, I can hear you. Thanks. So let's talk about SBC. So first, as I think about SBC, I think about dilution, right? SBC in and of itself really doesn't tell you a whole lot until you get into dilution or until you look at EPS. So for us, dilution, as I've stated many times, we're looking at around 3% for the year, and that's well within our -- in terms of our expectations. .

In terms of the pricing environment, the pricing environment for us is -- we're in a consistent area for ourselves. And how it impacts other point solutions, what you can see by our results, where -- when people want to consolidate with us people want to actually go to 1 single platform, 1 single agent, 1 single console. Those are -- all those things combined together, those are the things that are making us win. So as I think about the pricing environment, I think about an advantage to crowd given our single platform, given the fact that we have 28 modules to choose from.

Operator

And it is from Hamza Fooderwala with Morgan Stanley.

H
Hamza Fodderwala
analyst

And very solid results and a strong start to the year. George, you spoke a little bit about public sector. There was an article last month about the state department looking to really broaden their security vendors beyond Microsoft, which you mentioned in your prepared remarks. I'm curious how is that conversation going with some of those federal agencies who are looking at CrowdStrike? And how is the pipeline trending particularly ahead of the September fiscal year closing fed?

George Kurtz
executive

Well, when we think about the federal market, obviously, the buying cycles happened mostly in the third quarter for them, but we continue to maintain our momentum and gain momentum in those areas. Many of the challenges that we've seen over the years from organizations outside of the public sector continue to plague the government.

And when you look at the additional budget that's being released into these governments given cybersecurities importance, we think we can play a meaningful part in those opportunities. So from our perspective, we continue to gain and I think, deliver technologies. And now if you look at Next-Gen SIEM, we think there's a massive opportunity in the federal space for our products.

Operator

And it is from the line of Matt Hedberg with RBC.

M
Matthew Hedberg
analyst

I offer my congrats as well. Obviously, a difficult selling environment, you guys are doing really well. George, I had a question for you. The success you had with Charlotte AI, I think you said 90% POV close rates is great to hear. I know it's still early, but I guess in the spirit of a customer's overall GenAI journey, one of the things we're hearing is that, that could potentially slow down deal cycles for broader software -- the broader software landscape. I'm wondering, as your customers adopt your AI platform, maybe more specifically Charlotte AI, are they seeing faster time to production for GenAI application? In other words, does it speed up a customer's GenAI journey?

George Kurtz
executive

Yes. I think what we're seeing is that customers are really embracing the fact that we can reduce their operational workload for their stock analysts. We can take hours of mundane front work and turn it into minutes. And not only answer questions with the collective wisdom and knowledge that CrowdStrike has developed over the many years, but also drive automation. We talked about the Falcon Fusion or technology built in.

So when they look at what we've built and how we can save time and how we can drive AI automation into an AI-native SoC, I think this is really important for them. And overall, I think it's a fantastic technology. And as I mentioned, we won a few other awards, while we were on the call, we actually won Best AI category for SC Awards specific to Charlotte. So we're delivering on our promises, and this is real technology in the hands of customers today.

Operator

From Fatima Boolani with Citi.

F
Fatima Boolani
analyst

George, I'm going to ask you a very high-level question just with regards to the $10 billion ARR target. You've reemphasized it, you've reaffirmed it with a lot of confidence and there's a lot of reasons anticipate why that's going to be a very likely outcome. But I wanted to ask you very specifically -- what do you feel like will help your relative velocity in attaining that sort of bogey. So frankly, what would have to go really right for that outcome to be realized within 3 years versus 5 years, appreciating that you haven't put a time frame on it. And I can appreciate there's no shortage of product. You've seen so much momentum in FalconFlex and a lot of the platform anecdotes that -- platformization anecdotes, dare I say that, that you shared. But would love to kind of get your perspective on what could change your relative velocity to that ARR target?

George Kurtz
executive

Sure. I think there's probably 2 key points there, and then I'll see if Burt wants to chime in. When we look at our ability to consolidate, and I talked about in the call, FalconFlex, I think is a game changer for a lot of customers, buying more, buying bigger, leveraging the platform and you see velocity of adoption using FalconFlex. So really excited about that and what it's going to mean for CrowdStrike.

The second piece again, as I talked about in my prepared remarks is, that Next-Gen SIEM is natively built in. So rather than sending data out somewhere else and paying for the transport costs and all the complexity around that, the bulk of the use cases and the data that's generated that goes into a SIEM is already in the platform of choice for customers, and we see that being a meaningful opportunity for us to massive market opportunity.

And then other things like data protection. I talked about that. That is an industry or technology that's ripe for disruption. It's the definition of legacy. And we've got a fantastic product around it and combine that with Falcon for IT, leveraging the single-agent architecture to do more than just security these are all meaningful drivers for growth. Any other comments, Burt, on that?

Burt Podbere
executive

Yes. Thanks, George. So one of the things that we talked about at Falcon was the $10 billion ARR number in 5, 7 years. And along with that, we give an illustrative example of some of the things that will get us other than what George just talked about in terms of TAM. We talked about cloud being around in that same time frame, $2.5 billion to $3 billion. We talked about identity being $1 billion to $1.5 billion. We talked about Next-Gen SIEM being $1 billion to $1.5 billion. So you start adding up those numbers and you get more and more confidence in terms of being able to attain that number. That's how we think about it internally. .

Operator

And it is from Gabriela Borges with Goldman Sachs.

G
Gabriela Borges
analyst

George and Burt, I wanted to follow up on one of the earlier questions on AI. And more specifically, when you talk to your customers, and they start planning out the Generative AI projects, how does that impact the type of securities plans? To what extent are you seeing scenarios where you may be seeing a pause in budget or maybe an acceleration in budget? And maybe as part of that, George, if you could just touch on, help us understand the technical differences between protecting, call it, a classic cloud workload versus a cloud workload that's running in LLM, or connecting to an LLM?

George Kurtz
executive

Sure. So we see the opportunity growing. And a number of years ago, we talked about the cloud opportunity. We thought that was underrepresented by some of the market researchers. And now when we think about the proliferation of new hardware, just look at how much new hardware has been procured over the last 6 to 8 months, right? A lot of that is going towards generative AI workloads. And you've seen the announcements with NVIDIA.

These workloads continue to be something that needs to be secured and will be, I think, a huge opportunity for CrowdStrike, given what we've built and the fact that not only can we tell you what may be misconfigured but our cloud workload protection is really is a hallmark of what we do at CrowdStrike, and it's providing real prevention capabilities into these workloads, which consistently come under attack.

So that's the way I would look at it, as a huge opportunity for us, and we've spent many, many years protecting cloud workloads and we've adapted that into protecting Gen AI workloads. And providing additional information on how those workloads run and how they need to be protected. So a big opportunity for us today and in the future.

Operator

And it is from Alex Henderson with Needham.

A
Alex Henderson
analyst

You guys had an outstanding quarter here and in an environment where a lot of people are struggling. So what I was hoping you could talk to a little bit is what you're seeing as you're talking to CISOs, you're talking to CEOs, C-suite-type people, about what is causing their reticence to spend short term? I know you're gaining share and doing well, but many aren't. And I'm wondering if that's a function of their challenges in figuring out how they're going to implement AI and to what extent that's causing a slowdown in decision-making process? Or is it macro? Or alternatively, is it they are determined what they're going to spend on and they're shifting money away from other things, including some security and some -- if you look at the results of some of the other players. So what is exactly going on in the field right now with the decision-making process?

George Kurtz
executive

Sure. Well, what we've seen, and Burt talked about in the prepared remarks is that customers are looking to consolidate and save money on CrowdStrike. And at the same time, Alex, as we mentioned, it's still a challenging macro environment. But I think the results you're seeing from us is the fact that the consolidation technologies and platform that we're delivering is working. We are providing more for our customers and consolidating other spend that they have, and they're taking that share of wallet and putting it with CrowdStrike from other vendors. And we gave you some, I think, really interesting stats around that. That's the simple version of it.

We've got the right technology we've got the ability to reduce their costs. We've got a partner network, which is delivering massive value for us. And when you put it all together, yes, it's challenging. But if you've got the right solution with the right offerings, we think we can be very successful. And I think the quarter that you just saw is reflective of what we've been saying for a long time and what we delivered.

Operator

And it comes from the line of John DiFucci with Guggenheim Securities.

J
John DiFucci
analyst

So George, you and your team have put a consistency in numbers. We just haven't seen from anyone over what's been described as a challenging IT spending environment, and I'm talking about the last couple of years, especially this quarter, I think we understand how early on you expanded the definition and the scope of the market you address.

And also more recently, you did something similar in broadening your market influence to customers of all sizes. But if the backdrop remains the same, at least for the rest of this year, and it doesn't get better, like a lot of people thought it would at the beginning of the year. Is it more of the same for you? Or are there other levers that you can or need to pull to continue to put up the impressive numbers that you have?

George Kurtz
executive

Sure. So thanks, John. I think you said it right. We -- Burt and I and the rest of the team, focus on consistency and delivering value to our customers. If we can provide the right technology and solve use cases and more importantly, listen to them, if you look at FalconFlex, which I talked about, which we're really excited and I know is going to continue to drive results for us. That was an outcome of listening to our customers.

We actually worked with several customers on putting that together. Buying it, how they want it, the way they want it, reducing friction in the procurement cycle. So that's what we're going to focus on. And I think I'll leave you with, if we take care of the customer, the rest takes care of itself, and that's, again, a hallmark of what we try to do at CrowdStrike and what Burt and I are focused on every day.

Operator

And thank you. With that, I will conclude the Q&A session, and we'll pass it back to George Kurtz for his final comments.

George Kurtz
executive

Thank you so much for joining our call, and we look forward to seeing you next quarter. Be safe. .

Operator

And thank you, everyone, for joining. You may now disconnect.