CrowdStrike Holdings Inc
NASDAQ:CRWD
Utilize notes to systematically review your investment decisions. By reflecting on past outcomes, you can discern effective strategies and identify those that underperformed. This continuous feedback loop enables you to adapt and refine your approach, optimizing for future success.
Each note serves as a learning point, offering insights into your decision-making processes. Over time, you'll accumulate a personalized database of knowledge, enhancing your ability to make informed decisions quickly and effectively.
With a comprehensive record of your investment history at your fingertips, you can compare current opportunities against past experiences. This not only bolsters your confidence but also ensures that each decision is grounded in a well-documented rationale.
Do you really want to delete this note?
This action cannot be undone.
52 Week Range |
210.07
392.15
|
Price Target |
|
We'll email you a reminder when the closing price reaches USD.
Choose the stock you wish to monitor with a price alert.
This alert will be permanently deleted.
Earnings Call Analysis
Q4-2024 Analysis
CrowdStrike Holdings Inc
CrowdStrike has carved out a leading position in the cloud security market, with a remarkable 200% year-over-year growth in net new Annual Recurring Revenue (ARR) for this segment. This rapid acceleration has bolstered their cloud security solutions to over $400 million in ending ARR, making CrowdStrike a dominant player among the world's largest cloud security businesses. The planned acquisition of Flow security is set to further distinguish their offerings with unique runtime data security capabilities, enhancing their already strong start in data protection and replacing traditional Data Loss Prevention (DLP) products in Fortune 500 companies.
The company's identity protection has doubled its ARR from the previous year, hitting $300 million. The overwhelming frequency of identity-related cyber attacks underscores the demand for CrowdStrike's comprehensive single-agent solutions integrated into its platform. This offering has resonated with clients and led to significant deals, proving that CrowdStrike's approach not only secures but simplifies their customers' security infrastructure by reducing dependencies on multiple vendors and multiple agents.
CrowdStrike's next-generation Security Information and Event Management (SIEM) solution recorded a year-over-year growth of 170%, amassing an ARR of over $150 million. Dethroning legacy SIEMs, CrowdStrike's solution appeals to businesses seeking advanced technology and better total cost of ownership (TCO). Multiple high-value wins against competitors testify to the strong market adoption and the advantage of integrating LogScale next-gen SIEM into the CrowdStrike platform.
The release of Falcon for IT and Charlotte AI underscores CrowdStrike's commitment to innovation. Customers are eagerly adopting these solutions to resolve complex IT challenges, and CrowdStrike's go-to-market strategy ensures these innovations are readily accessible without pressure or unnecessary bundling. The introduction of FalconFlex, a flexible licensing model, epitomizes this commitment by allowing customers to use products as needed over their subscription term, encouraging wider adoption and loyalty.
CrowdStrike has surpassed $1 billion in sales via the AWS Marketplace, further cementing its position in cloud security and underscoring the Falcon platform's strength and market validation. Industry recognitions and affirmations of leadership reflect CrowdStrike's excellence in both execution and vision, as noted by prestigious entities like Gartner and Forrester. The company's ecosystem, certifications, and threat intelligence fortify its status as an indispensable security asset for organizations of all sizes.
Fiscal year representation was stellar as CrowdStrike achieved 34% and 36% in ARR and revenue growth respectively, with a significant 86% year-over-year operating income increase. Net income and EPS more than doubled, marking GAAP profitability for the past fiscal year and solidifying confidence in exceeding a 30% free cash flow margin profile. This financial robustness is rooted in disciplined execution and strategic investments, which have helped escalate the ARR by over 10x since the IPO.
Looking ahead, CrowdStrike expects to maintain its growth momentum, projecting total revenue for the first quarter of FY'25 to range between $902.2 million to $905.8 million. This reflects a 30% to 31% growth rate year-over-year, with non-GAAP net income per diluted share anticipated to be around $0.89 to $0.90. For the full fiscal year of 2025, CrowdStrike anticipates revenue to rise by 28% to 31%, reaching between $3.924 billion to $3.989 billion. Non-GAAP net income is projected between $940.3 million and $989.7 million, with EPS expected to fall between $3.77 to $3.97.
Thank you for standing by, and welcome to CrowdStrike's Fourth Quarter and Fiscal Year 2024 Earnings Conference Call. [Operator Instructions]
I would now like to hand the call over to Maria Riley, Vice President of Investor Relations. Please go ahead.
Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike and Burt Podbere, Chief Financial Officer.
Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections and expected performance, including our outlook for the first quarter and fiscal year 2025 and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995.
These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports.
Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release, which may be found on the Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today.
With that, I will now turn the call over to George.
Thank you, Maria, and thank you all for joining us today.
CrowdStrike delivered an exceptional fourth quarter that far exceeded our expectations. It was another quarter of records. Record net new ARR of $282 million, continuing our acceleration trend, growing 27% year-over-year. Record operating margin of 25%, up 10 percentage points year-over-year. Record free cash flow reaching 33% of revenue and a free cash flow Rule of 66. Record GAAP profitability and record cloud identity and next-gen SIEM ending ARR of greater than $850 million together more than doubling year-over-year.
These results illustrate CrowdStrike's substantial and widening competitive moat, exceptional business acceleration and validated market leadership. Building on my founding vision, CrowdStrike is the only single platform single-agent technology in cybersecurity that solves use cases well beyond endpoint protection. Falcon is the easiest and fastest cybersecurity technology to deploy and our single AI native platform makes vendor consolidation instant, frictionless and natural. The feedback we receive from customers, prospects and partners alike is consistent: eagerness to deploy the Falcon platform, ease of adopting more Falcon platform modules and excitement from continuous innovation with new Falcon capabilities delivered weekly.
Leaving stitched together point products and power point platforms behind, CrowdStrike customers realize the benefits of superior outcomes and lower TCO. A recent IDC report echoes this, showcasing $6 of return for every dollar invested in the Falcon platform. That is ROI. Free is never free. Customers understand the difference between product pricing and the total lifetime cost of operating inferior technology. Given the Falcon Platform's ROI and TCO savings, we believe we will continue to see favorable pricing dynamics.
I'm thrilled with our performance, which is a testament to the execution and passion from the very best team in cybersecurity unified by our focused mission: we stop breaches. My gratitude to all CrowdStrikers on a job well done. Our execution and discipline across the business coupled with overwhelmingly positive market feedback, gives me strong conviction in our fiscal year 2025 momentum, which Burt will cover in more detail.
The current macro environment remains stable and consistent with prior quarters. We expect continued deal scrutiny throughout this coming year. We remain focused on operational excellence while delivering market-leading growth at scale, assisting organizations of all sizes to consolidate and improve their cybersecurity.
In contrast to the macroeconomic backdrop, the state of the threat landscape has never been more elevated. In CrowdStrike's recent 2024 Global Threat Report, we unpacked the harsh realities of cyber today. Key findings include: First, attacks are faster than ever. What took adversaries hours has shrunk to minutes in seconds, attack speeds will only accelerate. Second, the cloud is increasingly under attack. We tracked a 75% increase in cloud intrusion attempts. The cloud is today's battleground for cyberattacks. And third, generative AI is an adversary force multiplier. Gen AI puts advanced cybercrime trade craft in the hands of attackers of all skill levels. Gen AI will dramatically grow the adversary population.
The Global Threat Report showcases our threat intelligence leadership. We collect trillions of threat signals daily creating one of the world's largest and fastest-growing cyber threat data set. From day 1, we've been an AI company, training the industry's most effective and accurate AI models to prevent attacks based upon our data moat.
Embedded in the Falcon platform is a virtuous data cycle where we collect cybersecurity's very best threat intelligence data, build and train robust preventative and generative models and protect CrowdStrike customers with community immunity. Our team of data science PhDs operate this continuous and real-time process, constantly evolving Falcon's AI foundation to predict adversary activity and stay ahead of threats. Our ever-growing data corpus and unique access to cyber's freshest data at the source alongside our technology and our human incident response, threat analysts, data science and engineering expertise together serve as a structural competitive advantage.
Along with AI, cybersecurity is a top priority in my discussions with numerous boards. In today's environment of heightened cyber attacks, the latest SEC breach disclosure regulation only increases the pressure on companies and their boards. We regularly assist boards with regulation readiness by bringing cybersecurity from the back room to the boardroom. This, alongside the severity of the threat landscape makes effective cybersecurity and increasingly mission-critical necessity.
That said, cybersecurity today is a frenetic vendor bazaar. Disjointed point feature copycat products clutter the market attempting to Band-Aid symptoms instead of curing the illness. OS vendors use their market position to create a monoculture of dependence and risk, and in many cases, serve as the breach originator. Even worse, multi-platform hardware vendors evangelized their stitched together patchwork of point products, masquerading as thinly veiled piecemeal platforms. And what organizations inevitably realize is that vendor lock-in leads to deployment difficulties, skyrocketing cost and subpar cybersecurity. The outcome is shelfware and sunk costs. ELA and bundling addiction become the only way to coax customers into purchasing nonintegrated point products. It's the organization trapped in these fragmented pseudo platforms riddled with bolt-on point products that are the ones suffering from fatigue.
In stark juxtaposition, what CrowdStrike customers tell us is that when you build the right single data-centric AI platform, deliver the right frictionless native solutions and architect the right go-to-market, organizations purchase because they need more, receive more and understand how cybersecurity transformation saves them time and money. Our deal metrics validate this.
First, record deal volumes. In Q4, we closed more than 250 deals greater than $1 million in deal value, more than 490 deals greater than $500,000 in deal value and more than 1,900 deals greater than $100,000 in deal value. Deal counts grew by more than 30% year-over-year across all deal segments. Second, record platform adoption. Deals with 8 or more modules more than doubled year-over-year. And lastly, continued rising win rates. In Q4, we saw steadily rising win rates across the board, validating our technological leadership over the competition. These results are driven by the following: the winning AI platform, the right solutions and our frictionless go-to-market motion.
Let me begin with our winning AI platform. The secret to cybersecurity's leading platform is our single platform has one console and one agent. It solves an ever-expanding set of cybersecurity and IT use cases. Our single platform is open. Our single platform is data-centric, AI native and scalable, delivering immediate time to value.
Key wins proved the value of the Falcon platform, which makes point product consolidation and vendor replacement a reality. Our recent 7-figure win in a Fortune 1000 company highlights how our platform consolidates at scale. Falcon replaced an OS security vendor, a legacy AV vendor and a next-gen vendor. We eliminated multiple Microsoft consoles and multiple agents to a single console, single agent and single platform of Falcon. Our platform approach organically inspires customers to deploy Falcon Cloud Security as their first CSPM, CIEM and ASPM solution.
An 8-figure multiyear win in a Fortune 100 business where the Falcon platform displaced 5 different products with recent breaches costing them hundreds of millions and costs too much to keep using ineffective cybersecurity tool. They purchased EDR, Next-Gen AV, Identity, biointegrity monitoring and vulnerability management, reducing the number of agents on their devices by approximately 50%. What used to require 5 installs is now done with 1.
There are countless similar stories. Our platform approach makes landing with multiple solutions at once easy and adopting increasing capabilities over time an organic experience. We collect data once and reuse it many times for today's and tomorrow's use cases. Our application of Gen AI makes cybersecurity predictive and accessible for all skill levels. It's all on one platform, one agent and one integrated workflow.
Next, delivering the right solutions our market-leading cloud security, identity protection and next-gen SIEM solutions are in demand because they solve painful customer problems. These businesses collectively are more than doubling year-over-year, each are IPO-able businesses and each play lead roles in Falcon platform consolidation.
I'd like to start with our breakout cloud security solutions where we are setting new records and winning at scale. Our cloud security momentum accelerated in the quarter. With net new ARR growing nearly 200% year-over-year and more than $400 million in ending ARR CrowdStrike, is one of the largest cloud security businesses in the market and was recently positioned as a market leader in Forrester's cloud security wave.
Here are a few recent cloud security wins. An 8-figure multiyear win in a hypergrowth AI company. This company's endpoint footprint is in the low thousands. However, with its rapidly expanding cloud estate, this transaction marks our largest inside sales deal of all time. Falcon Cloud Security protects their LLM development and cloud environment. This customer uses CrowdStrike Core, CSPM, CIEM, CWP and ASPM. From the SMB to large enterprises, our sellers and partners win with Falcon Cloud Security.
A leading hyperscaler grew its use of Falcon Cloud Security, praising our Linux capabilities. This large 8-figure transaction takes us deeper into the account where we're not only on every device, but now across large parts of their cloud. The win extends CrowdStrike leadership in securing the world's largest clouds.
A global financial services giant replaced their Palo Alto Prisma Cloud products in a large 7-figure deal. The Palo Alto Cloud Security products required separate management consoles and separate agents because cloud security is on a separate Palo Alto platform altogether. CrowdStrike was able to deliver an expected 70% time reduction in management as well as more than $5 million in annual staffing cost savings. The patchwork of multiproduct, multi-agent multi-console separate platform technologies resulted in visibility gaps, asynchronous alerts and overall fatigue managing cloud security. Falcon's single platform with its integrated cloud security component was a win for the customer.
Customers are starting to realize that CSPM doesn't stop the breach. It is a compliance and reporting tool. Cloud security has moved beyond CSPM. Customers are increasingly realizing that a holistic suite encompassing runtime protection is the only way to protect from active real-time threats. CrowdStrike built the first native single agent and agentless cloud security solution. We've taken cloud security beyond CSPM to include CIEM for securing cloud identity, ASPM for locating, controlling and securing cloud applications, CWP to stop malicious behavior and breaches. And now we turn to securing the cloud data itself that flows in and out of the cloud.
Turning our cloud security focus to date. We're incredibly excited to announce our intended acquisition of Flow security. Flow stood out as the most unique technology amongst a sea of early start-ups by delivering the industry's first and only cloud data runtime security solution.
Let me explain. The majority of companies and cloud data security focus on 2 things: discovery and classification. Here's where Flow stands apart: Runtime data discovery and classification. Data is analyzed, pre and post decryption, enabling precise and instant results; Real time and continuous data visibility, a live view into data risk, not just at rest, but also in motion with LLM powered adaptive policies; Data leakage prevention, the ability to block data exfiltration including the data exposed through Gen AI services. Simply put, Flow is the industry's first and only cloud data runtime security solution.
But we'll also enhance our native data protection module, which is off to a great start, already replacing legacy DLP products in Fortune 500 accounts. Customer frustration with legacy DLP is at a fever pitch. Similar to the days of legacy AV where outdated products overstayed their welcome. We will now be able to offer a cloud-centric next-gen alternative, addressing a market currently shackled by ineffective legacy vendors estimated to be an $8 billion TAM in CY '28. With Flow, we will have the most comprehensive data protection from code to application to device to cloud focused on stopping breaches.
Next, let's look at identity protection, which surpassed $300 million in ARR, more than doubling year-over-year. Q4 was also a record quarter of net new identity customer adds. With 80% of attacks involving identity vectors, we have made identity protection standard fare for modern cybersecurity because it is already integrated into our single agent. Other vendors attempt to offer identity protection through nonintegrated, afterthought features or simply lack identity protection altogether. Our identity threat detection and response module remains the market's only single-agent solution that stops lateral movement, protects credentials and secures where identities are actually born, active directory.
Wins from the quarter include a 7-figure deal with a mega cruise line using a next-gen product that can never be fully deployed. Upgrades and operations were a disaster. When I personally met with them, they were beyond frustrated with being the quality control test bed and tired of too many incidents that slip past their current vendor. Our identity solution delivered in one, not two agents, sets the Falcon platform apart.
An 8-figure transaction with a major chip manufacturer added identity to their Falcon deployment. Trapped in a large Microsoft ELA, this organization realized Microsoft needed to bring in a start-up to augment its current offering. This piecemeal approach to identity protection created a massive burden of deploying another unproven agent. The customer saw the immediate value of Falcon Identity. Our single agent and single-platform approach reduced their Microsoft dependency.
Lastly, let's discuss log-scale next-gen SIEM in inflecting Falcon platform solution. We added record net new next-gen SIEM ARR in Q4 and growing over 170% year-over-year. As of the end of Q4, our next-gen SIEM ending ARR is now greater than $150 million, selected by well over 1,000 customers.
Our next-gen SIEM is quickly emerging as the go-to Splunk alternative for all businesses looking to leave legacy SIEMs. Following M&A consolidation in the legacy SIEM market, and mounting dissatisfaction with a slew of withering SIEMs, the market is hungry for better technology, lower TCO and instant time to value.
In large-scale next-gen SIEM, all CrowdStrike data is already resident, saving the expense and time of data transfer. Customers are looking to standardize on the right cloud-native data centric platform for actioning their data, where they're manually searching, using automated AI-powered queries or trusting partners to manage their next-gen SIEM Falcon experience. With pipeline already in the hundreds of millions, there's overwhelming interest in LogScale scale next-gen SIEM.
One of many noteworthy wins from the quarter was in partnership with Deloitte, which has a hypergrowth LogScale next-gen SIEM practice. Together, we closed a 7-figure multiyear next-gen SIEM deal with a large European manufacturer displacing Splunk and Elastic and beating out Azure's Sentinel. This customer now has 16 Falcon platform modules deployed.
A major mobile computing company standardized on LogScale next-gen SIEM in a 7-figure multiyear deal replacing legacy SIEM. We competed against Palo Alto's XSIAM. The customer was looking for an open architecture versus a closed vendor locked-in approach to cybersecurity. The complexity of having to deploy many different Palo Alto products and multiple agents made CrowdStrike an even easier choice.
Lastly, a Fortune 500 hospitality brand grew its relationship with us, again, displacing Splunk and Azure Sentinel in a 7-figure deal. In partnership with E&Y and their global LogScale next-gen SIEM practice, this customer grew their SIEM use cases by bringing in security and IT data more than before, retaining that data for years and benefiting from faster searches.
LogScale next-gen SIEM was significantly faster than Azure Sentinel with a substantially lower total cost of operation, which helped drive this win. Our LogScale next-gen SIEM wins illustrate our sticky and growing data gravity with the businesses of all sizes. I can confidently say LogScale next-gen SIEM is one of the fastest-growing SIEM solutions on the market today.
Our pace of innovation has never been faster. We're incredibly excited to announce that Falcon for IT and Charlotte AI are generally available. As our customers look to solve increasingly complex IT challenges across their heterogeneous environments Falcon for IT excitement is palpable. Our customers are also excited about the gen AI productivity gains from Charlotte AI, where over 80% of our beta users believe they will save hours to days of work each week using Charlotte AI.
The third and final driver of CrowdStrike's growth at scale is our frictionless go-to-market. I'm a big believer that customers don't buy what they don't need and should never be forced to do so. At Falcon, we announced FalconFlex, a flexible licensing model where we enable customers to use the products they want when they want over the course of a multiyear subscription term. FalconFlex drives customer stickiness, enabling larger land and helping us expand with customers adopting more Falcon platform solutions faster.
A recent noteworthy FalconFlex deal was a multimillion dollar transaction with a Fortune 500 technology company that leveraged FalconFlex to go all in with Falcon, consolidating and displacing legacy IT hygiene products, point cloud products and legacy DLP products. The right platform solutions and go-to-market make a partner ecosystem's leading choice.
Some partnership highlights include: accelerating momentum with Dell. Since announcing our Dell partnership last year, we've transacted more than $50 million of total deal value together with customers in every segment and geography. We're in the early innings of where this partnership is going, and I'm thrilled with the momentum that we have with Dell as they standardize new offerings such as their own MDR service on Falcon.
Our MSSP business is growing by triple digits year-over-year, fueled by the right technology, strategy and partners. MSSPs increasingly want the platform, not part of the platform, to power cybersecurity transformation. MSSPs are bringing Falcon to tens of thousands of SMBs who lack the staff and time but still need the outcome of the industry's best cybersecurity.
Our AWS Marketplace business continues to accelerate at scale, surpassing $1 billion in sales the AWS Marketplace continues to be one of the fastest-growing routes to market. A vast majority of our marketplace business also transacts through resellers and SIs, where we've unified partners and cloud marketplaces for ease, speed and end customer value.
The Falcon platform is validated, tested and certified. Industry analysts regularly recognize Falcon and our leadership. Here are two recent examples. First, the Gartner's EPP Magic Quadrant. Our placement speaks for itself. CrowdStrike's positioning as highest in ability to execute and furthest to the right in completeness of vision in this year's Magic Quadrant solidifies our unequivocal market leadership ahead of Microsoft and every other vendor profile. Second, the Forester wave for cloud security placed CrowdStrike as one of only two leaders in the entire cloud security market, ranking highest for vision and innovation.
In conclusion, CrowdStrike's single agent, single unified data-centric platform and our mission to stop breaches sets us apart. Since starting the company, we brought cybersecurity to the cloud. We pioneered AI for cybersecurity, and we've quickly become the de facto security platform that disrupts, displaces and consolidates other vendors. I couldn't be more excited about the year we completed as well as our bright future. CrowdStrike's contribution to cybersecurity goes beyond technology. It's the power of the crowd. We are cybersecurity's community.
When cybersecurity professionals apply for jobs, CrowdStrike certification is the required skill set. In the reseller and ISV ecosystem, CrowdStrike is at the top of the line card. In SOCs across every vertical and geography, CrowdStrike is the security operating system. It's CrowdStrike that's on the screen. When talking about the threat landscape, CrowdStrike pioneered commercial threat intelligence that governments and companies of all sizes depend on. It's CrowdStrike that delivers billions of new threat detections every month to stop the breach. It's CrowdStrike that is the search bar of security, where analysts complete millions of XDR queries daily. It's CrowdStrike that created cybersecurity's first dedicated Gen AI stock assistant to make every user a power user. It's CrowdStrike where more than 0.5 million cybersecurity defenders log in every day to protect society by stopping breaches. The technology, the crowd, the mission, this is what makes CrowdStrike cybersecurity's definitive platform.
With that, I'll turn the call over to Burt.
Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. CrowdStrike delivered an exceptional fourth quarter and a record finish to the year, highlighting our outstanding execution, growing market leadership and accelerating adoption of the Falcon platform.
For the full fiscal year, we achieved 34% and 36% ending ARR and revenue growth, respectively, while delivering significant leverage on the bottom line. Operating income grew 86% year-over-year to reach a record $660.3 million or 22% of revenue. And net income attributable to CrowdStrike and EPS more than doubled to reach a record $751.8 million or $3.09 per diluted share.
Free cash flow grew 39% year-over-year to reach $938.2 million or 31% of revenue, exceeding our target for the year. Additionally, we are very proud to have achieved the important milestone of GAAP profitability for the past 4 quarters and full fiscal year in less than 5 years following our IPO.
Our achievements in fiscal year 2024 represent another high watermark for CrowdStrike. Through our consistent focus on execution, we have efficiently scaled the business, growing ending ARR by over 10x from our IPO in fiscal year 2019, delivering significant operating leverage and growing our free cash flow margin profile to above 30%. We continue to aggressively invest in our innovation engine and flank the company to achieve its vision of reaching $10 billion in ARR over the next 5 to 7 years.
Moving to the specifics of the fourth quarter, we achieved record net new ARR of $282 million, up 27% off of last year's record Q4, representing our second consecutive quarter of accelerating growth. And we finished the quarter with $3.44 billion in ending ARR, up 34% over last year. Demand in the quarter was broad-based, and we have a record Q1 pipeline as we executed on our platform strategy, closed many large consolidation deals and extended our leadership across the market from large enterprises to small businesses.
While companies may be fatigued with other vendors, they have embraced CrowdStrike's platform strategy and want to buy more of the Falcon platform. This is evidenced by, first, the number of deals with 8 or more modules more than doubling year-over-year in Q4. Second, subscription customers where 5 or more, 6 or more and 7 or more modules growing to 64%, 43% and 27% of subscription customers, respectively. Third, the number of customers with greater than $1 million of ending ARR growing to more than 580. And finally, the growth of deals with total value exceeding $1 million accelerated to over 30% and reached an all-time record at over 250 in Q4.
We finished the year with 29,000 subscription customers which excludes smaller customers served through our MSSP partners. We are landing bigger with new customers on average adopting 4.9 modules out of the gate, an increase over last year. Our gross retention rate remained high at 98%, and our dollar-based net retention rate was consistent with last quarter at 119%, which is slightly below our benchmark as the mix of net new ARR from new customers has remained above our expectations and we continue to land bigger deals. For the interim FY '24 quarters, Net retention was 119% in Q3, 119% in Q2 and 122% in Q1.
Looking into FY '25, a we expect our dollar-based net retention rate to fluctuate within plus or minus a few points of 120% as the business scales to even greater heights and customers continue to land bigger and with more modules. Moving to the P&L. Total revenue grew 33% over Q4 of last year to reach $845.3 million. Subscription revenue grew 33% over Q4 of last year to reach $795.9 million. Professional services revenue was $49.4 million representing 26% year-over-year growth. The geographic mix of fourth quarter revenue consisted of approximately 68% from the U.S., 16% from Europe, Middle East and Africa, 10% from the Asia Pacific region and 6% from all other markets.
Total gross margin increased by 282 basis points year-over-year to reach 78% and subscription gross margin was above 80% in the fourth quarter, an increase of 291 basis points over the prior year. Our strong gross margin performance was driven by our ability to command stable pricing, supported by the exceptional customer value delivered by the Falcon platform as well as our continued investments in data center and workload optimization.
Total non-GAAP operating expenses in the fourth quarter were $448.1 million or 53% of revenue compared to 60% of revenue in the prior year. Our strategic investments in talent and innovation underpin our ability to scale the business and deliver profitable growth.
In the fourth quarter, non-GAAP operating income grew 123% year-over-year to reach a record $213.1 million, and operating margin increased by 10 percentage points year-over-year to reach a record 25%. Non-GAAP net income attributable to CrowdStrike in Q4 grew to a record $236.2 million or $0.95 on a diluted per share basis, each more than doubling year-over-year. Our weighted average common shares used to calculate fourth quarter non-GAAP EPS attributable to CrowdStrike was on a diluted basis and totaled approximately 248 million shares.
We ended the fourth quarter with a strong balance sheet. Cash and cash equivalents and short-term investments grew to a record $3.47 billion. Cash flow from operations was a record $347.0 million. Free cash flow reached a record $283.0 million or 33% of revenue, achieving a Rule of 66 on a free cash flow basis.
Before I move to our outlook, I'd like to provide a few modeling notes. First, we are encouraged by the momentum in the business including larger deal sizes, increased win rates and a record Q1 pipeline. However, we continue to maintain a consistent and prudent approach to our outlook amid a macro environment that remains challenging, and therefore, the guidance we are providing today assumes a consistent challenging macro backdrop.
Second, while we do not specifically guide to ending or net new ARR, given the incredible performance of Q4, I will share our current seasonality assumptions with respect to net new ARR in Q1, which calls for Q1 net new ARR year-over-year growth to be at least double digits up to the low teens.
Third, given our strong momentum in the market, we are increasing our pace of hiring in FY '25 as we continue to invest in our innovation engine and go-to-market functions to scale the business to $10 billion of ARR and beyond. As a result of increased hiring in the first half of the year, changes to the timing of our merit cycle and the timing of certain marketing programs, we expect operating leverage to be more weighted to the back half of FY '25.
Next, we are raising our free cash flow target for FY '25 from between 30% and 32% to between 31% and 33% of revenue. Our assumptions on interest income and expense, CapEx and cash outlay for taxes will be included after this call in our earnings presentation available on our Investor Relations website.
Moving to our outlook. For the first quarter of FY '25, we expect total revenue to be in the range of $902.2 million to $905.8 million, reflecting a year-over-year growth rate of 30% to 31%. We expect non-GAAP income from operations to be in the range of $188.1 million to $190.8 million and non-GAAP net income attributable to CrowdStrike to be in the range of $220.4 million to $223.1 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.89 to $0.90, utilizing a weighted average share count of 248 million shares on a diluted basis.
For the full fiscal year 2025, we currently expect total revenue to be in the range of $3,924.9 to $3,989.0 million, reflecting a growth rate of 28% to 31% over the prior fiscal year. Non-GAAP income from operations is expected to be between $863.6 million and $913.0 million. We expect fiscal 2025 non-GAAP net income attributable to CrowdStrike to be between $940.3 million and $989.7 million. Utilizing 250 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $3.77 to $3.97.
George and I will now take your questions.
[Operator Instructions]. Our first question comes from the line of Saket Kalia of Barclays.
Okay. Great. Congrats to the team on a strong finish to the year. George, maybe for you. I think the number that sticks out the most to me from the quarter is the $850 million in ARR from maybe what I'll call platform products. So the question is, can you just talk about the competitive landscape in a couple of those areas like cloud security and SIEM. I mean, definitely a rising tide in some of those markets, but also some good competitors. What do you think is giving CrowdStrike a right to win in those markets?
Well, thanks, Saket. Obviously, a key part of our success has been that all of the modules are platform, which is really a key driver. And when I started the company, it was really about creating this data platform that allowed us to ingest data at scale and then create multiple use cases. And really, what you're seeing is many, many years of hard work that allow us to solve use cases beyond just core endpoint protection. So when we think about cloud security, customers are really looking to rationalize the alphabet soup of cloud products that are out there. And they're looking, not only for posture management, but runtime protection, and they want it all integrated into a data platform.
So I think given what we've done and some of the acquisitions, including now Flow, we are obviously well positioned in that area and a lot of interest from our customers, and we've seen a lot of success. When we think about the SIEM market and more -- maybe more importantly, the legacy SIEM market, customers are just frustrated with the existing technologies, the cost structure around those. And what they're looking for really is a data platform like CrowdStrike and now that LogScale's natively integrated into the product, it's a better way to give them the outcome they want, which is faster results, better overall outcomes and a lower TCO. So I think it's this data concept that we've been talking about for many years that everyone now is starting to see the fruits of our labor and how we can solve use case well beyond just endpoint protection. Burt?
Yes. So I would agree, George. I think at the end of the day, for us, when we're thinking about the different products that are in our portfolio. It's really about the platform. We sell the platform regardless of what are the products that are in the platform. They all kind of work off of each other, and we're just out there solving as many outcomes as we possibly can.
Our next question comes from the line of Brian Essex of JPMorgan.
Great to see the strong results from the team. George, you articulated a few thoughts on consolidation and pricing in your prepared remarks. But I wanted to ask a little more directly a maybe follow-up to Saket's question both for you and Burt. One of the other vendors in the space has talked about a strategy of platformization. So maybe with that in context, how does this impact your go-to-market and pricing?
Well, thanks, Brian, as you might imagine, I heard a lot about platformization over the last week. To me, it's kind of a made up [indiscernible] term. But what I believe our competitors are talking about is bundling discounting and giving products away for free, which is nothing new. In software and security software, it's been done for the last 30 years. So when we think about what we've seen in the past with other competitors. We know free isn't free. And what customers are saying is more consoles, more point products masquerading as platforms create fatigue in their environment.
And one of the things, again, that we've been focused on is that single-agent architecture, a single platform, single console that allows us to stop the breach, but more importantly, drive down the operational cost and supply many use cases or solve many use cases that are out there. So I've been around the block for a bit. I've seen this movie of wrap and roll and bundling together with multiple products that were acquired. And last time I saw that, I was at McAfee. So I don't know, Burt, do you have anything to add to that?
Yes. I think, George, look, at the end of the day, we sell on value. And we've never been a company that's done deep discounting. We've never been a company that has increased our prices to get more ARR. That's not us. And at the end of the day, for us, we're here to help customers get the greatest amount of outcomes at the lowest TCO, period. And to George's point, free is not free and good is not good enough.
Our next question comes from the line of Rob Owens of Piper Sandler.
I was wondering if you could address the modest step-up in billings duration. After a year of compressing durations, your total billings outgrew your short-term billings, and it does appear that customers are committing for longer contracts. Wondering if that's a function of your consolidated platform or another dynamic in the market?
Rob, so I think it's a couple of things. One, for sure, it's about the platform. But second, Q4 is -- historically, we've seen a lot more of the multiyear deals. We also see more renewals in Q4 as well. But billings in general, remember, it's a noisy metric, right? It's heavily influenced by duration and timing of deals within the given quarter. But -- and having said that, at the end of the day, we do manage the business to ARR. And that's the one that we focus in on. Billings for us is just an aftermath. You're right. It was a strong billings quarter, but that's not really how we run the business.
Our next question comes from the line of Joel Fishbein of Truist.
Congrats on the great execution as well. George, just a follow-up for you on the data market or the DLP market and congrats on the acquisition of Flow. Just curious how that will be integrated. You didn't really mention how big that is for you guys, but obviously, a very big market that is ripe for disruption. And maybe talk about the competitive dynamics of that market as well.
Sure. Well, we're excited about this because not only do we get the classification of data, but we also get the runtime protection in the cloud. So it's a perfect fit for our data protection module. And again, what I talked about in the prepared remarks was that there's a lot of similarities to what I saw when I started the company in legacy AV to legacy DLP. I don't even like the term DLP, we call it data protection because It's really about how data flows and data in motion, not only in a company's organization, but through all of their cloud and all of the applications.
So I think it's a perfect fit. We're excited about the team. We're excited about the technology. That will be integrated, of course, as part of our platform. We spend a lot of time on that, making sure the customer has got the right user experience. And we'll get this closed -- this acquisition closed out in the next couple of weeks and then we'll be heads down with the integration. But so far, so good on our data protection module. We've got some wins there and a tremendous amount of interest in replacing the legacy DLP technologies.
Our next question comes from the line of Andrew Nowinski of Wells Fargo.
It is a really amazing quarter again, particularly in light of some of the noise that's been in the market. So I wanted to ask about the expanded partnerships with Dell that you announced today and also about the -- I think, the Pax8 partnership that you announced at your user conference last year. I guess, first, how did both partners contribute to results in the quarter relative to your expectations? And then second, have you factored in the contribution from those partners into your FY '25 outlook?
Yes, I'll take the first part, and I'll turn it over to Burt. So we obviously are very excited about the Dell partnership. I'll start with them. I talked about that earlier. And really, we're in the early innings. We're winning deals, large enterprise all the way down to SMB, taking advantage of their reach and their go-to-market motion. So still early days, and we've already put up some big numbers from that partnership.
When we look at Pax8 and the like, again, it's still early days, but we've seen tremendous success, particularly down market in the SMB. And what customers are looking for, even the smaller customers are looking to solve big problems. They can't be hit by ransomware or they can't have an impact to their business. So it's a perfect model for us to get to those SMBs. And it's, like I said, early days, but tremendous results so far. Burt?
Yes. So I think that -- we're very excited about both partnerships with Dell and Pax8, they represent additional routes to market, but it's still early days on both of them, as George had mentioned. But they're one of many routes to market. We do believe that they're going to bring deals to us, and we're excited to have them on board as partners.
Our next question comes from the line of Tal Liani of Bank of America.
So one of -- some of the -- we had discussions this kind of past few weeks about the pricing environment of the XDR market and the ability to offset this with add-on modules. And the question is -- you touched on it, but I want to ask, do you feel -- the contribution of Microsoft and Cortex from Palo Alto and others, do you feel their impact on pricing of individual components off your package? And is the story -- is there a story about price compression of each individual components offset by the bundle or that you just don't see the XDR pricing pressure that Palo Alto was talking about.
Well, again, I mean I can -- I try to focus on what we've been able to do. And as the leader in the space, we've been solving problems for a long time. And when we look about -- we look at the impact that ransomware and some of these very prominent breaches have had, you're talking about hundreds of millions of dollars for companies. So to buy a platform that has the capabilities to stop breaches is really what customers are looking at. And when we think about sort of one-off modules or things of that nature, for us, we're looking at the total package and the solution of what we put together.
And of course, it's a competitive environment, but you have to have a competitive product, you have to have the right level of innovation, and you have to have the right go-to-market motion, which we talked about in some of the prepared remarks. So it has been competitive. It has -- will be competitive. But at the end of the day, what we're finding is that customers want the right outcome. And we've seen that free is not free, and we see that good enough is not good enough. And I think customers are smart enough to realize the difference between price and total cost. And that's what we've been able to show with every dollar spent on CrowdStrike is a $6 return on their investment. And we're going to continue to deliver value and outcomes for customers.
Our next question comes from the line of Alex Henderson of Needham..
Great. Thank you so much. So first thing you ever said to me, George, was that you're a platform, not an endpoint company. I think you've been proving it with high alacrity over the last year.
With the comments coming in about the platformization. It sounds like the response that you're having here is that the companies that are trying to do that are really just offering bundles of products, but they're not truly integrated. Your platform is based off of cloud native micro services, API-driven. And I think if you were to talk to the degree to which you integrate any acquisition into that platform, it would be radically different than what we're hearing or seeing from some of the other players.
So can you talk about why the micro service cloud-native architecture in a single platform integrated upfront is the way to go and how hard it is for companies that are trying to merge disparate packages into a platform that wasn't designed as a platform from the get-go because I think, ultimately, that's the key differentiator here. And I would think that with the acquisition of Flow, you'll be able to integrate it much more rapidly because it's API-driven, because it's micro service-based. Can you talk to that?
Yes. Sure, I can. Thanks, Alex. It's a great question. And I do remember our early conversations finally, and you're absolutely right about being the platform for cybersecurity when I started the company.
So when we think about architecture, architecture does matter and really what we've created is a very data-centric architecture that allows us to get data at scale into our platform, leverage our AI and then create the outcomes. It's that collect once, use many. We have a single platform. Our competitors have many other platforms as they call them. We have a single agent. Our competitors have 5, 6, 7, 8 agents depending on the competitors.
So when we look at our architecture, it was really designed from the beginning to solve the problems of today and the future problems. And the result of that is ease of use, the outcome that a customer is looking for, stopping breaches and lowering the cost, and future proofing what they want. I've -- in a prior life, I've been involved in companies that acquired a lot of products. And I can tell you, it is near impossible to stitch all this stuff together, particularly at the agent level unless you're very diligent about it.
And I can tell you from a CrowdStrike perspective, we've been very diligent about our acquisitions, as you've seen, and thoughtful on the pricing. But also what's important to realize is that we bought products and we really haven't sold some of them for the better part of 18 months because we wanted to focus on the integration, things like identity. And now we see the fruits of our labor. So it's this focused, long-term diligent approach to our acquisitions, I think, that have helped us because we started with a very innovative cloud-native platform from the beginning.
Our next question comes from the line of Roger Boyd of UBS.
Great. Congrats on a really strong end of the year. I wanted to talk about Charlotte. The customers that we've spoken to that were part of that early access program sound pretty positive on both what the product can do today as well as the pipeline and where it could go in the future. George, you said a couple of positive stats around automation. Any updated view on your ability to monetize the Charlotte product or the time line to monetization from here?
Well, yes, that is the goal. We already have paying customers in Charlotte. We just released it. So the good news for us, and I think the good news for our customers, is they see the value and they're willing to pay for it. Obviously, we're in the early innings of this. But the way we've architected it as a foundational component of our platform, it allows us to create expertise around different areas of the platform as well as automation, leveraging the native automation capabilities that we have.
So our overall goal, again, is how do you drive automation in the SOC, how do you modernize the SOC, and how do you take the collective wisdom of CrowdStrike and its years of knowledge in fast categories and bring that to bear for customers big and small? And so far, we've gotten the response from customers where they understand the time savings and the value that it can bring. So more to come on this. Obviously, we just GA-ed it over the last week or so. But overall, I'm very encouraged by what we're hearing and seeing from customers.
Our next question comes from the line of Matt Hedberg of RBC.
I'll offer my congrats as well, guys. Burt, your new ARR commentary was helpful for Q1. I'm curious, this time last year, I believe you talked about flat net new ARR growth for fiscal '24. And obviously, I think you guys did about 6% this year. Any just sort of like directional guardrails you give us from a full year perspective in terms of just thinking about it from a net new perspective?
So with respect to ARR, obviously, we don't guide to it. But we have talked about in the past where we've started the year in Q1 and build from there. And that's kind of really all I can really comment on ARR. You can kind of infer where we're going with our guide. And -- but at the end of the day, our guide -- the methodology has remained consistent, and that's how we think about it.
So it sounds like -- it sounds like your commentary on linearity, you would expect Q1 to be sort of the low point for net new growth -- or net new dollars for the year?
Yes, That would be accurate.
Our last question comes from the line of John DiFucci of Guggenheim.
Listen, as everybody said, these are really impressive results, no matter how you look at it, but especially as compared to others out there. I'd like to ask another question about the past is -- I know, George, you think, but that's why the past is the past. It's great. It's great to see. But I'd like to ask another question about the future.
I know Charlotte AI is the sexy new product. It's everybody -- are you an AI winner or are you a loser, I mean. And we'll see how that develops. But given your lightweight agent and all the data you collect or even could collect, it just seems that Falcon for IT could be a whole new world for you, which might make it harder given it might perhaps be a different buyer, but certainly worth it. I guess how should we think about the development of this product going forward, given your -- I know it just was generally available too, but I'm sure you've had early conversations with customers.
Well, I've got to tell you that the customer excitement around Falcon for IT is off the charts when we talked about it at Falcon and now that it's generally available. Customers are looking for a better solution in this area. And one of the things that we found is that the security team has been solving a lot of IT problems and challenges for IT for a long time, and we really needed to carve out a home for IT. So when you look at some of our competitors in that market, it's -- obviously, it's a pretty big market, but having a single agent and the ability to actually solve IT problems, which many of our customers were doing already, is fantastic.
So again, early days, but the feedback and the interest is off the charts for Falcon for IT, and it goes to the heart of how we built the platform. To collect data, it doesn't have to be security data. It can be almost any data related to either our agent first-party data or now third-party data we can ingest. And that solves many use cases beyond what we originally came to market with. So I think the sky is the limit there.
Thank you. I would now like to turn the conference back to George Kurtz for closing remarks. Sir?
So I want to thank all of you for your time today. We appreciate your interest and certainly look forward to seeing you at our upcoming investor events. Thank you so much.
This concludes today's conference call. Thank you for participating. You may now disconnect.