CrowdStrike Holdings Inc

NASDAQ:CRWD

Hello, and welcome to CrowdStrike's Fiscal Second Quarter 2025 Financial Results Conference Call. [Operator Instructions] Please be advised that today's conference is being recorded. I would now like to hand the call over to Maria Riley, Vice President of Investor Relations. Maria, please go ahead.

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections and expected performance, including our outlook for the third quarter and fiscal year 2025 and any assumptions for fiscal periods beyond that, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George.

I would like to start today's remarks with my apology to everyone impacted by our Channel File 291 incident, which transpired on July 19. I also want to take this moment to show my gratitude to everyone who worked with us through the incident. Thank you to our customers and partners for your continued trust. Thank you to our team of relentless CrowdStrikers for living our mission. Thank you to the broader cybersecurity and IT community for standing with us as we face the most challenging event in our company history.

The magnitude of the July 19 incident will never be lost on me and my [ commitment this ] never happens again. These following incidents were among the most challenging in my career because I deeply felt what our customers experienced. Our response to the July 19 incident was immediate, deliberate and focused. We activated CrowdStrike's crisis response plan to lead through the incident. We clearly communicated status with customers partners in the market at large in our website, social media, e-mail, phone and broadcast. Our technical teams devise new automated recovery techniques for accelerated response. Our efforts were 100% focused on bringing impacted devices back online, the highest level of speed and transparency. This included the mobilization of CrowdStrikers in our partner community to communicate proactively and transparently with customers as well as the market at large and then recover impacted host. For many, recovery was within hours. We've already implemented the following actions to build a more resilient Falcon platform. First, enhance content visibility and control. While sensor version control was always a cornerstone of the Falcon operational experience, we've already released new content control configurations. This allows customers to choose when and where new Falcon content is deployed with new granular controls. Second, content QA enhancements. We already shipped an enhanced content validator and content interpreter, 2 of the components which did not properly function. These components have been refactored to prevent shipping erroneous content and were both made GA earlier in August. And third, external review and validation. We've engaged 2 independent third-party software security vendors to review the Falcon sensor and quality process. This ongoing work focuses on enhancing security and resiliency over the short, medium and long term. These 3 major actions are in addition to an enhanced content release process. Our content release process now mirrors the sensor release regimen. It consists of sample testing, internal lab and canary systems testing, early access soaking and lastly, a staggered concentric ring deployment and adherence with customer policy settings. The July 19 incident starts a new chapter for CrowdStrike, one focused on ensuring that cybersecurity's best AI platform for SOC operations, protection, visibility, response and automation is also cybersecurity's most resilient platform with built-in redundancy modes, new content controls and enhanced safeguards we've immediately addressed learnings from the incident and will continue to apply and evolve these lessons into our future. Moving to our Q2 results. Our execution following the July 19 incident highlights the resiliency of CrowdStrike's business. Our focus on transparency and accountability continues to inspire trust. Our track record and third-party validation of delivering the industry's best AI-powered protection continues to resonate at scale. As the July 19 incident was in the final 2 weeks of the quarter, when a meaningful portion of our sales typically close, it delayed deals into subsequent quarters. The vast majority of these deals remain in our pipeline. Despite its impact, I'm encouraged by the results we delivered. The enduring trust that prospects, customers and the market have in CrowdStrike is demonstrated by our Q2 performance, ending ARR of $3.8 billion, growing 32% year-over-year. Q2 net new ARR of $218 million, up 11% year-over-year within our pre-incident stated assumptions. Q2 revenue of $964 million, also ahead of our guidance. Record non-GAAP operating income of $227 million, growing 46% year-over-year. GAAP profitability for the sixth consecutive quarter and free cash flow of $272 million at 28% of revenue with a free cash flow Rule of 60. These financial results illustrate the resilience of our business and our team. Customers, prospects and partners recognize CrowdStrike's technological leadership and role in serving the market need for ongoing platform consolidation. This is why they continue to choose CrowdStrike. In the hundreds of customer interactions I've had in the July 19 incident, organizations of all sizes thematically shared 3 messages with me. First, necessity to understand the incident, our response and our actions to ensure it doesn't happen again. Second, acknowledgment of our trust record, gratitude for CrowdStrike safeguarding their organization over the years. And third, steadfast support for CrowdStrike continuing to be cybersecurity's innovation leader and their consolidation partner of choice. The breadth and depth of the Falcon platform spans 28 modules that revolutionize cybersecurity, stopping breaches for tomorrow's AI-powered SOC, covering cloud security, identity protection, device security, data protection, IT automation and next-generation SIEM, our portfolio is diversified. CrowdStrike is much more than EDR, and we appeal to a variety of personas across cybersecurity, IT, digital, risk and compliance teams. Over the past year, our LogScale Next-Gen SIEM, identity protection and cloud security businesses each expanded the power and reach of the Falcon platform, each representing resilient growth vectors outside of what was once considered our market back when I started the company. In Q2, our LogScale Next-Gen SIEM, identity protection and cloud security hypergrowth businesses together surpassed $1 billion in ending ARR and grew more than 85% year-over-year. These results reaffirm our [ continued investment ] in innovation, ushering in the next chapter of the Falcon platform. Let me provide a few examples showcasing how these products are disrupting their respective markets. Importantly, each of these customer wins was closed after the July 19 incident began. I'll start with Falcon Cloud, the industry's only integrated CSPM, ASPM, DSPM, CIEM, CWP and agentless solution. CrowdStrike's cloud security business is more than $515 million in ARR and grew faster than [ 80% ] year-over-year. 2 noteworthy post-July 19 wins, an 8-figure deal in a major enterprise software firm, where Falcon Cloud Security was already running on a part of the environment, replacing another next-gen cloud security vendor allowed this customer the opportunity to standardize on Falcon Cloud Security for ease of management across broad distributions and superior cloud [ security ] protection. Next, a 9-figure Falcon Cloud security purchase across one million hosts in a large enterprise for their production environment. Falcon Cloud Security's leading protection, visibility and operational scoring in their evaluation place CrowdStrike ahead of other cloud security products. Falcon Identity Protection continues to set the industry standard in the identity threat detection and response space. As of Q2, identity ending ARR surpassed $350 million, growing over 70% year-over-year. We pioneered this category and it's a key differentiator in our XDR value proposition. Now let's move to the LogScale Next-Gen SIEM business which is greater than $220 million in ARR and grew more than 140% year-over-year. The SIEM market continues to be in a state of renaissance where organizations of all sizes are drafting their next chapter of security and IT data management. Our LogScale Next-Gen SIEM momentum showcases CrowdStrike's ability to displace legacy SIEMs at scale and capitalize on market demand for AI-powered SOC operations. 2 exciting post-July 19 wins include an 8-figure win in which LogScale Next-Gen SIEM replace 2 legacy SIEMs. This customer was already a large CrowdStrike customer and the ability to store visualize and act on large amounts of first-party CrowdStrike data natively in a platform, significantly lower cost by more than 60%, while increasing functionality. Ingesting third-party data into the Falcon platform is not only more cost effective, but also differentiated in our incident workbench, which brings novel visibility and AI-powered response to the hands of every SOC analyst. What once took 2 legacy SIEMs is now natively in Falcon. And finally, a leading generative AI company that started using LogScale Next-Gen SIEM over a year ago, standardized on the technology and a 7-figure win. Winning the totality of their SIEM business as well as observability use cases was a function of LogScale Next-Gen SIEM search speed, the native nature of Falcon Data coupled with third-party data and response actions and improved TCO relative to their legacy SIEM. I'm reassured by customers and prospects feedback, wanting to do more with CrowdStrike post-incident as evidenced by multiple 7- and 8-figure platform expansions with most opting for multiyear deals. Eliminating complexity is a key component of achieving resilience, and we see the Falcon platform continuing to help solve a wide range of customer problems, simplifying cybersecurity and most importantly, stopping breaches. Our partner-first go-to-market continues to deliver at scale, connecting our technology platform with new and existing customers. CrowdStrike's preeminent partner position as a top security vendor by business size and number of transactions serves as a competitive moat. In Q2, 66% of our new logo business was sourced by our partners, showcasing our best-in-class partner go-to-market. In Q2, our systems integrator business grew over 100% year-over-year, highlighting Falcon as an industry driver in delivering multidisciplinary cybersecurity transformation. Our partners were instrumental in helping customers recover with noteworthy engagement from Accenture, KPMG and E&Y among a dozen others. Our strategic alignment and deep partnership extend our reach. In this vein, global system integrators are increasingly becoming a central part of our partner strategy, the Falcon Flex subscription model highly resonates with the transformative nature of GSI engagements. We unite and align our entire partner ecosystem with our use of cloud marketplaces in CrowdStrike's go-to-market. We've demonstrated the success and results of this strategy with AWS, helping customers not only secure their AWS cloud services but also procure CrowdStrike for the full range of their cybersecurity needs. Now 2 quarters into our expanded relationship with Google, CrowdStrike is the fastest-growing cybersecurity vendor on the Google Cloud Marketplace this year. Customers of all sizes are increasingly looking to utilize their committed hyperscaler spend, adding an additional layer of resilience through our go-to-market, aligning our entire ecosystem from reseller to systems integrator, MSSPs to distributors makes CrowdStrike cybersecurity's partner of choice. With CrowdStrike, the entire ecosystem wins together. Our resilient business platform and go-to-market position CrowdStrike to execute on our unchanged vision and mission, whether on July 18 or today, on August 28, our TAM and market opportunity remain unchanged. This is because, first, the need for cybersecurity simplification organizations of all sizes remain eager to simplify, consolidate and rationalize their cybersecurity product lineups. Streamlining operational processes goes hand-in-hand with SOC transformation with the goal of faster, more effective cybersecurity delivered at lower cost. Decreasing TCO and increasing efficiencies through AI and automation are clearly voiced organizational priorities and will be for years to come. Second, adversary proliferation and threat landscape acceleration. Released in our annual threat report several weeks ago, CrowdStrike's analyst and industry [ allotted ] threat intelligence is in a class of its own now tracking over 245 adversary groups. In the past year, our threat intelligence teams uncover threat actors applying to and actively working for more than 100 unique companies. The realities of the threat landscape necessitate effective cyber protection, and that is only intensifying. In the face of universally-accepted market needs [ and ] adversary realities, the resounding feedback I hear from customers is that CrowdStrike is their #1 and most effective cybersecurity control. This is not only because of product performance and efficacy but also because of the organizational process and orchestration built on and around Falcon. With greater than 7 modules on average deployed an organization spending $100,000 or more per year, the Falcon platform is firmly rooted with replacement requiring a multi-vendor, costly and time-consuming process, abandoning the protection and TCO benefits of a single platform consolidation. Our best-in-class module adoption, supercharged by Charlotte AI, our generative AI SOC analyst makes the Falcon platform sticky for all users as well as the data foundation of the SOC. This is why we continue aggressively investing in innovation to advance our track record of revolutionizing cybersecurity. This is why customers are looking to not only stay with us, but also expand their Falcon platform adoption. This is why our upcoming annual customer and industry conference, Fal.Con, is what I refer to as our largest selling event of the year. It is already an overflow with more than 5,000 security and IT executives and more than 95 sponsoring partners. Our unchanged vision and mission propels us to become an even better, even more resilient and even more customer-obsessed CrowdStrike. In working with customers post incident, we quickly mobilized around customer loyalty. We took inspiration from our Falcon Flex subscription program, a licensing model that's been rapidly gaining traction across all of our customer segments. In the year since we built the Falcon Flex program, the customers who have subscribed to this new licensing model represent over $700 million in total deal value. Flex supercharges platform adoption making it easier and faster for organizations to displace other technologies through flexibility, turning on and moving between modules without procurement and legal friction. Customers love the flexibility as it makes it easy to use more Falcon. In Falcon Flex, we also found a simple and effective mechanism to drive retention by offering compelling customer commitment packages. Our customer commitment package takes traditional module-by-module licensing into our Falcon Flex model, where customers can use any and all modules they wish at compelling economic values. Depending on need, the customer commitment package encompasses discounting, module [ adds ], professional services flexible payment terms as well as adding duration to a customer subscription. Our best-in-class module adoption is differentiating and leading indicator of CrowdStrike customers' behavior. And post incident, our customer commitment package will drive even more Falcon utilization and platform value realization in both the short and long term. Customers see this as an immediate win to realize maximum and differentiated value from the Falcon platform. It is also a long-term win for CrowdStrike, cementing us as the organization's cybersecurity platform of record. Customer feedback has been extremely positive because we're proactive in our approach and customers benefit because they get what they want, more Falcon. The blueprint for our customer commitment packages were Falcon Flex deals like this Fortune 500 insurance firm that I referenced before in the next-gen SIEM discussion. This customer has been with us for 5 years building over time from endpoint to identity. They had aspirations of consolidation and saw CrowdStrike as a platform where they could achieve their protection, automation and economic objectives. In the midst of this deal discussion, the incident happened. We work with them on a rapid recovery. Our trust record and value from the platform over time stood out. Through Falcon Flex, this customer accelerated consolidation. They contracted for every Falcon module, displacing 7 technologies. And through the AWS marketplace, their spend with CrowdStrike will grow from $2.2 million in ARR to more than $5 million in ARR over the subscription. Falcon Flex grew platform adoption through the subscription term and increased ARR over the multiyear period. Our customer commitment package will grow Falcon adoption, increasing platform stickiness, ROI and protection levels. Customer commitment packages are a proactive and concerted investment we're making to build long-term loyalty and seed long-term platform adoption. In closing, the past few weeks have been some of the most formative for CrowdStrike. Beyond apologies, I want our actions to speak even louder than our words. We work to recover customers quickly no matter the location or need, we focused on helping customers. Challenging and unprecedented moments like these are the true test of companies, teams and individuals. Our response has shown me that the golden rule I've led CrowdStrike with since day 1, put the customer first always, isn't just alive and well it's thriving. Cybersecurity's mission-critical role in today's digital society is undeniable. CrowdStrike's contribution to cybersecurity, bringing cybersecurity to the cloud, bringing AI to cybersecurity has profoundly redefined the industry, and we will continue to do so. We continue to invest in growth and innovation as well as safeguards to build cybersecurity's most resilient AI-powered platform. The mission of we stop breaches rings just as true today as it did prior to July 19. The most important part of CrowdStrike is the crowd, the people. Working at CrowdStrike isn't a job, it's a mission, the fight, the creativity and the will to make the world a safer place by stopping breaches is here. Our mission is alive and well, and I know that CrowdStrike's very best days are ahead of us. Thank you for your unwavering trust. And now I'll turn the call over to our CFO, Burt Podbere.

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. In today's discussion, I will briefly summarize our second quarter financial results and provide our assumptions and investment priorities for the second half of the fiscal year. The strength of our second quarter results, we believe, demonstrates our resilience, focused execution, commitment to financial discipline and the long-term durability of our business. Despite the challenges of the last couple of weeks of the quarter, we delivered better-than-expected revenue, operating profit and net income. In Q2, ending ARR grew 32% year-over-year to $3.86 billion, of which $218 million was net new added in the quarter, up 11% over Q2 of last year and within our previously stated assumptions for the quarter. In Q2, we achieved our second largest quarter of all time for net new customer additions expansion business and net new ARR contribution from cloud, identity and LogScale combined. Prior to July 19, we are on pace to deliver net new ARR growth well ahead of these results. The July 19 incident had a significant impact on the last 2 weeks of the quarter as we rapidly mobilize teams to assist customers, but we continue to close deals, including a 9-figure [ in deal ] value expansion. While deals can push in any given quarter, this quarter, we experienced elevated levels with more than $60 million in deals that we had line of sight for the quarter and remain open as of Monday. We expect these deals to close in future quarters. Our retention metrics and module adoption metrics remained strong in Q2, highlighting our deep partnership with customers and the significant value that Falcon Platform delivers. Our dollar-based gross and net retention rates were consistent with our expectations for the quarter. Subscription customers with 5, 6 and 7 or more modules represented 65%, 45% and 29% of subscription customers, respectively. Notably, deals with 8 or more modules grew by 66% over the prior year and 48% of all customers with $100,000 or more in ending ARR adopted at least 8 modules, an increase of more than 10 percentage points over the prior year. Moving to the P&L. Total revenue grew 32% over Q2 of last year to reach $963.9 million, ahead of our expectations for the quarter. Subscription revenue grew 33% over Q2 of last year to reach $918.3 million. Professional services revenue was $45.6 million, representing 10% year-over-year growth. The sequential decrease in professional services revenue was primarily attributed to deploying complementary remediation services to help customers impacted by the July 19 incident. Record total gross margin of 78% increased by approximately 80 basis points year-over-year. Record subscription gross margin of 81% increased approximately 90 basis points over the prior year. Total non-GAAP operating expenses in the second quarter were $529.1 million or 55% of revenue compared to 56% of revenue in the prior year. Consistent with our plan, we increased the pace of hiring primarily in the areas of sales and marketing and R&D, growing total headcount by 22% year-over-year. In the second quarter, non-GAAP operating income grew 46% year-over-year to reach $226.8 million, and operating margin increased by more than 2 percentage points year-over-year to reach 24%. We delivered GAAP net income attributable to CrowdStrike of $47.0 million, growing more than 5x over Q2 of last year. Non-GAAP net income attributable to CrowdStrike grew 45% to reach $260.8 million or $1.04 on a diluted per share basis. Cash and cash equivalents grew to $4.04 billion. Free cash flow grew 44% over Q2 of last year to reach $272.2 million or 28% of revenue, in line with our expectations. And we delivered a Rule of 60 on a free cash flow basis. In regards to the impact of potential legal exposure related to the July 19 incident, I would like to note the following: the outcome of litigation is inherently difficult to predict, particularly in the early stages and it is still too early for us to estimate any potential legal exposure we may have at this time. Our customer agreements contain provisions limiting our liability, and we maintain insurance policies intended to mitigate the potential impact of certain claims and have a strong cash position. We continue to work hand-in-hand with our customers to ensure their success and are well positioned to continue investing in the business for long-term growth. Turning to our outlook. Taking care of our customers has always been and will continue to be our #1 priority. We believe this focus and commitment will benefit us and them over the long term. Customer retention remains remarkably strong and we do not expect this to meaningfully change in the foreseeable future. Gross retention was 98% at the end of Q2 and dollar-based churn in the last 5 weeks as of Friday was modestly lower than the same [ period last year ]. However, visibility into the back half of the year is less than typical. We expect the following factors to impact our near-term results: first, we delayed the vast majority of outbound pipeline generation activities for a few weeks following the July 19 incident. Outbound prospecting has since fully resumed and is rising to pre-incident levels of responses; second, we expect to see extended sales cycles for both new and existing customers with additional scrutiny requiring higher levels of approval at the CEO and in some cases, Board of Directors level; third, as George mentioned, through our customer commitment packages, we are encouraging customers to commit to more of the Falcon platform for longer periods of time. We are focused on making sure these commitments to the Falcon platform are one of the best decisions that IT and security teams make. As reflected in our revenue guidance in the short term, we expect our commitment packages will result in temporarily muted upsell dollar values and temporarily higher than typical levels of [ traction ] due to elongated subscription terms. We estimate these packages will impact net new ARR and subscription revenue by approximately $60 million and professional service revenue by high single-digit million dollars in the back half of FY '25. In the long term, we expect our customer commitment packages will ultimately lead to higher platform and module adoption and deeper partnerships with customers. And fourth, specific to free cash flow, we expect to have increased flexible payment terms for our customers. We will incur additional G&A costs associated with the July 19 incident. At this point in time, we are not providing a free cash flow margin expectation for the full year. We will maintain our long-standing focus on financial discipline and the bottom line with our attention squarely on the highest and best use of every dollar. As reflected in our guidance for the remainder of the year, while we will shift some planned investment from sales and marketing to further R&D, quality assurance and customer support, we are continuing to invest in our FY 2025 plan for the remainder of the year at this point in time. This will enable us to remain focused on our customers, protect the world against cyber threats and stay on track with our long-term investment and growth priorities. We expect these headwinds to remain in varying degrees for about a year with acceleration starting in the back half of next year. From the longer-term perspective, we expect to see operating margin improvement on an annual basis in FY '26. Additionally, we remain committed to reaching $10 billion in ending ARR by the end of fiscal year 2031 and achieving our target non-GAAP operating model on an annual basis by fiscal year 2029. I will provide a detailed update of our long-term model and FY '26 outlook after the conclusion of fiscal year 2025. Moving to our guidance. For the third quarter of FY '25, we expect total revenue to be in the range of $979.2 million to $984.7 million, reflecting a year-over-year growth rate of 25%. This includes an estimated $30 million impact from the customer commitment package we discussed earlier. We expect non-GAAP income from operations to be in the range of $166.7 million to $170.8 million and non-GAAP net income attributable to CrowdStrike to be in the range of $201.2 million to $205.2 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.80 to $0.81, utilizing a weighted average share count of approximately 252 million shares on a diluted basis. For the full fiscal year 2025, we currently expect total revenue to be in the range of $3,890.0 million to $3,902.2 million, reflecting a growth rate of 27% to 28% over the prior fiscal year. This includes an estimated $60 million impact from the customer commitment package we discussed earlier. Non-GAAP income from operations is expected to be between $774.7 million and $783.9 million. We expect fiscal 2025 non-GAAP net income attributable to CrowdStrike to be between $908.8 million and $980 million. Utilizing approximately 252 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $3.61 to $3.65. As George mentioned, Fal.Con 2024 is going to be our biggest customer event yet. The investor briefing will be held on September 18 and will feature conversations with customers and partners. To join Fal.Con in person, please contact our IR team for the registration information. The briefing will also be webcast live on our IR website. We look forward to seeing many of you there. George and I will now take your questions.

[Operator Instructions] Our first question comes from Hamza Fodderwala at Morgan Stanley.

Great. Congrats on the strong results. I wanted to commend you, George, Mike and the entire CrowdStrike team for your response and transparency since the outage event. So there's been a lot of talk, George, around whether Microsoft or customers perhaps may want to limit kernel access for future updates. I'm curious, in response to this outage, whether or not CrowdStrike will have to rearchitect their approach to the Falcon agent? And if so, would that be a meaningful undertaking that might push you away from the future innovation road map?

Thank you, Hamza. Yes, let me just try to take you through this with a little bit of detail. So despite a lot of the false narratives and misinformation from our competitors, I want to be clear that this was not a kernel update. This was a code update -- it was not a code update, it was a configuration update, and we already covered the remediation in our prior remarks. When we think about the architecture of what we've built and rearchitecting it, I've got to set the record straight on that as well. We have best-in-class architecture, and we lead the industry for a reason. We have greater efficacy, greater manageability and greater scalability than our competitors. And I just want to give you an example of that. If you look at the latest [ Midor ] results, Falcon had 98% coverage. Our next-gen competitor had 79% coverage. It took Falcon 4 minutes for [ mean time ] to detection. It took our competitor 47 minutes. And the list goes on and on. If we think about the architecture as well, we have a very lightweight agent, requires 100 megs of storage, our competitor has a heavy agent, requires 3 gigabytes of storage in the Windows environment. So we didn't become #1 in the market by having a poor architecture. We became #1 by having a great architecture. We talked about what we've changed here in terms of our configuration updates, and we feel confident about that going forward. And our customers feel confident about that. So we'll continue to work with Microsoft as part of the ecosystem as they look to provide further enhancements around kernel access. But just to be clear, there are thousands of software kernel drivers that are out there that go well beyond security, like VPN, virtualization software, IT management software backup software and a lot more. So we are one part of the ecosystem, and we're certainly a player that's going to help and work with Microsoft as they think about adding other mechanisms to allow the ecosystem to flourish.

Our next question comes from Brian Essex with JPMorgan.

Great. Congratulations from me on, one, a fantastic response to the incident; and then two, execution on the back of that is impressive. I guess, George, for me, obviously, you've got peers out there talking about benefit [ in your ] pipeline. We still have to see that in their numbers. But from your perspective, would love to get insight into what you're seeing from the pipeline. Obviously, you've called out the $60 million in deals that kind of pushed into 3Q. But from a competitive perspective, what are you seeing in terms of the number of peers that are invited into the process and maybe a little color around the conversations that you're having at the C level that are leading to some of those extended sales cycles that would be really helpful to get that insight.

Sure. Obviously, there's a lot of noise in the marketplace, and we can only control what we can control. And I think the best way for me to articulate that is to just recount some of the conversations. I had 2 customer calls this morning. And most of them start out the same. They talk about our response, how transparent we were and how we dealt with the problem. We talk about some of the mitigating steps that we've taken. And it generally ends with, we want to do more with CrowdStrike. I had one this morning, which was a customer that had an impact. We talked through it. They were satisfied with the controls that we put in place. And in fact, on the call, they basically said we won the next-gen SIEM project they had which we won against another next-gen SIEM competitor. So this is what we're seeing, and again, I'm recounting my calls and many, many of them sort of started in the same way. So that gives me encouragement again, that we've built a lot of trust with our customers over time. And we put a lot of trust in the bank. Yes, we had an issue on July 19. We've been very clear about that and very transparent. But consistently, the calls have been, you have saved us way more times than this incident and we are all in on CrowdStrike. And we're all in for all the reasons we've talked about in the past, the consolidation play, the ability to save time, money, get better outcomes and take 4, 5, 6 and 7 products and move them to the Falcon platform. That hasn't changed before the 19th of July and hasn't changed after the 19th of July, and this is what customers are coming back to us with.

The next question comes from Saket Kalia with Barclays.

Okay. Great. Can you hear me? George and Burt, can your hear me?

Yes, we can. Go ahead.

Yes, sorry about that. Awesome. Sorry about that, guys. I offer my congrats as well just on the resilience here in the face of a very tough couple of weeks. George, maybe my question is for you. I'd love to just touch on Falcon Flex a little bit. This is something that you were investing in before the outage as well. But it sounds like it's something that can also be helped for customers to maybe drive better security outcomes as well. Can you just maybe touch on that and how it's maybe helping that conversation post outage?

Sure. Well, when we think about Falcon Flex, this was born out of demand from our customers. If you look at our module attach rates, which we've gone through, again, many times in the past, and they continue to go up as customers rely more and more on CrowdStrike. They came to us and said, "Hey, we want an easier and more flexible way to consume your Falcon platform." When you start with one module, when I started the company and you read 28 today, is a lot that you have to go through with the customer. And we wanted to meet customers where they wanted us to be, which is more CrowdStrike, make it easier through procurement cycles and then ultimately allow them to consume it how and when they wanted to consume it. So we started down this journey a while back. And it continues to gain a lot of traction with our customers. We've taken this and you heard this in my prepared remarks, and we are able now through our customer commitment package to be able to offer Falcon Flex. And again, some of the things that we went through, whether it's modules or time or what have you, we can allow our customers to be able to consume that as part of the customer commitment package. And we think, overall, it's great for our customers because we're coming to the table and solving business problems. And also, it's great for CrowdStrike long term because we're allowing them a very flexible model to continue to consume CrowdStrike, which they know and love.

Our next question comes from Tal Liani with Bank of America.

Here we go. Now, you can hear me. Last night, there was one of your competitors that said that customers would be more afraid now to buy -- to put all their eggs in one basket, meaning buy more modules from a single vendor and they'll opt for diversification of customers -- sorry, vendors. And for you, at least in previous quarters, I didn't calculate this quarter, but about 2/3 of your growth came from upsell to existing customers. And the question is whether you have any evidence if the event change the appetite of customers to buy from a single vendor to buy from you specifically, have you seen any change of customers willing to buy for your ability to upsell to them the other modules, et cetera. And there's just -- I know it's one question, but there's just one thing that is a follow-up on something, Burt, see, full year EPS guidance translates into a very big 4Q EPS, if you can somehow go over it to make sure that we have the right numbers.

Okay. Tal, let me take the first part. So when we think about more modules, it gets back to what I just went through, customers want to do more with us. Obviously, we talk about what happened, why it's not going happen again, but they want to buy more from us. And again, customers' comments back to me are they don't want to go backwards. They don't want a bunch of disparate products. They don't want a bunch of different consoles. And they specifically told me that the adversary lives in the gaps between products, in the seams between products. So what they're looking for is the ability to cover more of their estate, right, to have a complete view. And when you look at next-gen SIEM, it allows us to take telemetry and logs in from other systems beyond the first-party data that CrowdStrike is generating. So I would say the long and the short of that is customers don't want to go backwards and have a patchwork of products they are still focused on the consolidation piece, and they're looking at us as one of the key consolidators in the market.

Yes. So on your question with respect to EPS as we thought about the impact to non-GAAP operating income, we talked about some of the headwinds that we had, mostly driven from revenue-side of the house. And we try to be consistent in the way that we approach the guide on both Q3 and full year. So that's how we thought about it when we gave our guidance.

The next question comes from Joel Fishbein with Truist.

And also really great transparency, George and Burt. My question is on guidance methodology. Burt, can you just go through a little bit of how you came up with the guide for the back half of the year, considering all the moving pieces. And I guess the question, how it changed relative to how you've done your guidance before? That would be really helpful.

Sure. On the revenue side, the biggest impact comes from the customer commitment package that George walked through. So that's the one that's going to drive the biggest impact, and we walked through the numbers in terms of revenue, the impact, we said $60 million in the back half, $30 million in Q3 and $30 million in Q4. So that was the biggest driver on revenue. And then obviously, that falls down to non-GAAP operating income. And so we did -- as we thought about it and we thought about how it impacts everything from revenue to EPS, we really took that prudent approach. There has been nothing in terms of big changes in terms of how we guide it, we guide to what we see, not to what we don't see. But again, the biggest impact was how the customer commitment packages impacted both the top and bottom. And they were consistent in how we applied the approach.

Our next question comes from Gabriela Borges with Goldman Sachs.

I would love to get a little bit more detail, George and Burt, on the customer commitment packages. And you mentioned a couple of dynamics there alongside duration and concessions. So maybe just a little more on how you came up with that $30 million number in 3Q and 4Q? And what are some of the guardrails and how you think about the appropriate amount of duration or discounting or concessions that you want to give customer to keep them happy and satisfied with the CrowdStrike platform?

Thanks, Gabriela. So in terms of how we came about the $60 million in the back half, we'll just focus on the net new ARR. We thought about 3 things, right? We thought about, hey, we've got -- we talked about the delay in pipeline generation. So that has an impact. We talked about longer sales cycles, that's due to increased scrutiny. And that's not just for us, but that's for, I think, most people in software and tech. And then we talked about the muted upsell value. So we took all those things into consideration when we thought about the impact on the customer commitment packages. As far as the packages themselves, you're right. We have different pieces within the package, George, outlaid them pretty well. We talked about some of them being discounts. We talked about some of them being duration. Duration has an impact of course, on net new ARR. But we also talked about product and product will have an impact more on COGS. So that's going to impact the bottom. So we took all those factors together to come up with our guide, and that's how we came up with the $60 million.

Our next question comes from Rob Owens with Piper Sandler.

Yes, Burt, I guess, as a follow-on to that. $60 million through the remainder of this year, but you talked about some of the weakness potentially persisting for a year in terms of net new ARR. So I know you're not guiding to the out year, but as we kind of contemplate this, should we think about this more on a 12-month basis? And then as the selling of these customer commitment package starts to anniversary and more normalizing relative to net new ARR growth and relative to maybe where margins were historically?

Thanks, Rob. So I think that this type of incident has a half life, right? So there'll be a diminishing impact over time. So Q3 will be harder than Q4. Q4 will be harder than Q1 and so on and so forth. I think the biggest piece for us is that when we get to the back half of next year, we'll start to see an acceleration in the business. And that's the big picture. And that's what I want everybody to walk away from.

Our next question comes from Matt Hedberg with RBC.

Actually, maybe a little bit of a follow-up to Rob's question. I think, Burt, you kind of addressed it that do you think part of that acceleration is some of these commitment's been expanding usage? In other words, what's a bit of a headwind now [ is ] part of that broader commitment that just kind of compounds on itself. In other words, is that part of that tailwind that we should think about next year in this renewal cycle of these commitments?

Yes. This is George. So when we think about the consumption of Falcon Flex, typically, what we've seen is customers consume more of it faster than they originally anticipated because we're providing value. So when we think about, to Burt's comments next year, obviously, it'll be more modules in use, and I think we have the ability to go back to those customers and understand what other things we can do for them, including looking at additional flex opportunities based upon what they've been using over the last period of time. Anything to add to that?

Yes. No, I think it's -- what George talked about, it's seeding for the future. And I think that starts to take play back half of next year.

Our next question comes from Fatima Boolani with Citi.

George, and even Burt, please chime in. So on this procurement vehicle, Falcon Flex, clearly, you've seen a tremendous amount of positive data points. You've shared them in the script. $700 million of deal value created with just one year in the market. I'm wondering if this is now going to be the predominant go-to-market approach for you all, in terms of incentivizing broader portfolio adoption? And then related to that, Burt, as we think about extrapolating some of the financial implications in the out years beyond your framed guidance. How should we think about renewal cycles in renewal conversations coming up that you could potentially steer towards these contracts such that you do still get an elongated period of maybe net new ARR growth. Can you help me sort of straddle those 2?

Yes. So when we think about Falcon Flex, again, born out of what customers wanted. We've seen tremendous success with it because it opens up the entire product portfolio to our customers. They can pick and choose what modules they want. They can leverage it, where they want it. As they acquire new companies as an example, it's very easy for them to add new modules or new endpoints or cloud workloads. It minimizes procurement cycles. So it's a great thing for customers. It's a great thing for us. And it is a -- one of the primary mechanisms we're using from a go-to-market motion going forward. So it is something that we put in place. We've seen the tremendous results from it, and we'll continue to lead with that into our customer base.

Yes. So all those things are the things that we're looking for, and as I think about the future in terms of our renewal opportunities, the Flex does offer more ability for the customers to consume more, to take on more, and that just bodes well for our renewal cycles, right? We want them to do that. And so by seeding them now, that's only going to bode better for us in the future and better for the customers, more importantly. I think they're going to benefit more and more as, look, we're going to come out with new products, right? And those are going to be available to them. And so that's how we think about the renewals and the new renewal possibilities as we look out into the future.

Our next question comes from Andrew Nowinski with Wells Fargo.

And I'm sure every organization that was impacted appreciates the transparency and the [indiscernible] response you have today. So I wanted to ask about really on the renewal cycle as well. I was wondering if you could just give us any more color around the mix of renewals throughout the year. I would imagine Q4 is typically -- has the most renewals out of all 4 quarters. But maybe if you could just provide more color on the mix, maybe which quarter do you think there's more risk to a higher mix of renewals in case they don't potentially renew?

Thanks, Andy. So 2 things. So one, there is definitely seasonality right in our business, and we've talked about it. You've highlighted Q4, that's typically our highest quarter of deals. And I think, second, what I talked about earlier, it's this idea of a half-life. The closer you are to the sun, the hotter it is, the more difficult it is in terms of the headwinds. And as you move farther and farther out, you see more relief. So the impact gets less. So if you combine those 2 things, that's how we would think about the renewal cycle.

Our next question comes from Roger Boyd with UBS.

I will add my congrats on the response and resilience demonstrated over the last month. George, just on the hypergrowth modules, Nice to see that group pass $100 billion -- or $1 billion collectively. It sounded like the timeline, you reiterated the $10 billion ARR target. It sounds like the timeline got pushed towards the longer side of the 5- to 7-year range you provided before. Would just love to get kind of your view on the durability of growth there. I get there's a lot of uncertainty, but just kind of -- any view on how you expect it to play out, is the right view that you just see this as kind of a 1-year speed bump towards those longer-term guidance.

Yes, I'll start and then I'll turn it over to Burt. When we think about the durability of CrowdStrike, I think we've demonstrated it this quarter, we've had a history of durable growth because we're solving real problems for customers. And when you look at some of the businesses that we talked about identity and cloud and next-gen SIEM, $1 billion is incredible when you look at the growth rate. So we've got multiple vectors of growth for CrowdStrike. We've got a massive TAM opportunity that's only getting bigger. And we always, at CrowdStrike, have and will continue to take a long-term view of the market. So we're going to deal with this in the short term. And then obviously, I think this sets us up well for the future. Burt?

Yes. So Roger, the key here is that we remain committed to reaching the $10 billion in ARR by the end of 2031. I mean that's the -- that was part of the range that we gave out in prior periods, and we're still committed to it.

Our next question comes from Joseph Gallo with Jefferies.

Can you just update us on the federal momentum. You're entering their biggest quarter. And how should we think about that business? Does the IT outage slow momentum there, given they're typically pretty conservative?

Sure. Well, Q3 obviously is the federal quarter. I think we've got good momentum. We've done I think, well with the sister relationship that we have. And as many things in the federal space, it takes time and we continue to build momentum and win deals in those categories. And not only federal, but we think about state and local, incredibly strong across the board. And we're just talking about the U.S., right? We do this for the rest of the world. So we like our opportunity there. Those are always long-term opportunities, but we're certainly encouraged in terms of the success that we've had so far.

Our next question comes from Gregg Moskowitz with Mizuho.

Okay. And also well done in terms of the transparency, I had a clarification just on the customer commitment packages and CrowdStrike's future expansion strategy. Is part of the plan effectively getting away modules to existing customers for [ upwards of ] the year? In other words, when you speak about an expectation of muted upsell dollar values and temporarily higher levels of contraction. Is this part of the seating strategy that you're referring to?

I'll start with, we always want to do the right thing for the customer and customers -- we're solving business problems, and they like our technology, they love our technology, right? So when we think about the opportunity to drive greater platform adoption, certainly, that should be added into the conversation. And what we've seen over time and we built a history of greater module adoption. You can see that since you've been tracking this from our IPO. So from that standpoint, we do think the long-term opportunity proves well for CrowdStrike. And having customers use more modules is always a good thing, and that's what we're focused on.

Thank you. This concludes today's question-and-answer session. I would now like to turn the call back over to George Kurtz for closing remarks.

So thank you all for your time today. We appreciate your continued support and look forward to seeing you at our upcoming investor event at Fal.Con. Thank you.