CrowdStrike Holdings, Inc. (CRWD) Q2 2022 Earnings Call Transcript

CrowdStrike Holdings, Inc. (CRWD -1.00%)
Q2 2022 Earnings Call
Aug 31, 2021, 5:00 p.m. ET

Contents:

• Prepared Remarks
• Questions and Answers
• Call Participants

Prepared Remarks:

Operator

Thank you for standing by, and welcome to the CrowdStrike Holdings second-quarter fiscal year 2022 financial results conference call. [Operator instructions] After the speakers' presentation, there'll be a question-and-answer session. [Operator instructions] As a reminder, today's conference call is being recorded. I will now turn the conference to your host, Ms.

Maria Riley, vice president of investor relations. Please go ahead.

Maria Riley -- Vice President, Investor Relations

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, president and chief executive officer and co-founder of CrowdStrike; and Burt Podbere, chief financial officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, and expected performance, including our outlook for the third-quarter and fiscal year 2022, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call.

While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risk and uncertainty. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results are included in filings we make with SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports that we filed with the SEC. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP.

A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which may be found on our investor relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George to begin.

George Kurtz -- President and Chief Executive Officer and Co-Founder

Thank you, Maria, and thank you all for joining us today. We delivered an outstanding second quarter, with rapid subscription revenue growth and record net new ARR generated in the quarter. We saw strength in multiple areas of the business, added $150.6 million in net new ARR, and grew ending ARR 70% to exceed $1.34 billion. Our continued strong performance was driven by the groundswell of customers turning to CrowdStrike as their trusted security platform of record.

We saw strong demand across the market, which for us spans large enterprise, mid-market, and SMB customers. Our success in gaining share in each of these market segments is reflected in our net new customer growth rate, which, on an organic basis, accelerated in the quarter. In total, 1,660 net new customers chose CrowdStrike as their security partner, bringing our customer count to 13,080. The CrowdStrike brand is viewed as the gold standard in security.

We designed the Falcon platform and our security cloud to add value and improve the security posture of any organization, regardless of size and sophistication. Customers new to CrowdStrike this quarter included a household name in the consumer security space, one of the largest nonprofit healthcare organizations in the United States, a Fortune 50 global insurance provider, and our security partner proof point, who we are excited to deepen our relationship with as both a technology and security partner. I'm also pleased to highlight that Workday, a cloud pioneer and leading provider of enterprise cloud applications for finance and human resources, which CrowdStrike also uses, has now standardized on CrowdStrike Falcon across their multi-OS fleet. The threat environment remains fierce, as expanding attack surface and inherent vulnerabilities in widely used operating systems, along with the complexity of active directory, leaves companies of all sizes open to attack and provide a rich feeding ground for sophisticated and novice e-criminals alike.

The lessons learned from recent attacks emphasized that a breach involves more than just malware, which is why companies need to employ a holistic breach prevention strategy rather than overly relying on malware prevention, regardless if it's legacy or next-gen. As I've said before, nearly every breach you have ever heard of had two things in common, the victims had both a firewall and an antivirus solution, which is why we built the Falcon platform from the ground up to stop breaches and not just prevent malware. With this mission, CrowdStrike has turned the tables on the adversaries and has become a trusted leader in security. Meanwhile, competitors fall further behind as they continue to blindly promote a strategy that relies on malware prevention versus a comprehensive solution, focused on people, process, and technology that stops breaches.

According to recent data from our customer base indexed by Threat Graph, more than half of the detections analyzed were not malware-based. Attackers are increasingly attempting to accomplish their objectives without using malware. They are exploiting the proliferation of vulnerabilities and abusing systemic weaknesses in identity architecture to get on the system and then moving laterally, thus making it more difficult for legacy and next-gen malware-focused products to be effective because they are not focused on breach prevention. To further demonstrate my point, I'd like to share a recent customer win with a Fortune 500 company that was using Microsoft's legacy security products that failed to rise to the challenges of today's adversaries and ended up unnecessarily costing them millions of dollars.

This company experienced a long and difficult deployment process, particularly in low bandwidth environments where endpoint performance was critical. Notably frustrated, this company began to evaluate alternatives when it was unfortunately hit by ransomware that encrypted their primary and backup data, causing weeks of business disruption and a financial impact estimated to be in the tens to hundreds of millions of dollars. This is when they turned to CrowdStrike. First, by bringing in our incident response team to remediate and stabilize their IT operations, and followed by deploying Falcon Complete across their environment.

Our approach to stopping breaches with the Falcon platform is foundational to CrowdStrike's leadership position in the market and the epicenter of restoring trust to the security posture of companies worldwide. Using AI, machine learning, and an intelligent lightweight agent, the Falcon platform defends against today's most sophisticated threats with unmatched speed and simplicity. CrowdStrike's Threat Graph combines a massively scalable threat intelligence database with AI-powered analytics to detect, prevent, predict, and mitigate advanced attacks and zero-day exploits. Threat Graph and Falcon's XDR capabilities continuously ingest massive volumes of life telemetry data from Falcon endpoints and other sources at [Audio gap] scale.

The Falcon platform processes approximately 1 trillion events per day from millions of agents, delivering unprecedented security insights, Bytes. This empowers Falcon to benefit from crowdsourcing and economies of scale unlike any other solution on the market today, which we believe enables our AI algorithms to be uniquely effective. The success of our platform strategy and growing leadership as the trusted security partner of choice is also reflected in our module adoption metrics, which we have continued to increase quarter after quarter. Subscription customers that have adopted four or more modules, five or more modules, and six or more modules increased to 66%, 53%, and 29% respectively in the second quarter.

We believe that our extensible Falcon platform, purpose-built to collect data once and reuse it many times to address multiple use cases, not only provides customers an advantage over adversaries and lowers TCO, it is a cornerstone to building a durable growth business over the long term. As we innovate on the platform, customers can derive even more value from their CrowdStrike investment. Take for example a midsize healthcare organization who despite their limited budget and security staff was looking to bolster its security in the wake of repeated attacks against their peers. This organization initially thought they only needed to add a SIM solution but quickly realized the implementation and maintenance would be a burden to their current security posture.

Whereas with CrowdStrike's Falcon Complete, Falcon Zero Trust, and Humio, they could transform their security posture, have round-the-clock monitoring, gain identity visibility and risk scoring, and implement a highly effective log management solution for less than the cost of purchasing a stand-alone SIM product. This customer was also amazed by Humio's speed of ingestion and ability to query data in real-time, which they deemed critical given the rise in malicious cyberactivity, targeting the healthcare sector. Customer interest in Humio is very high as the ability to log everything and get answers in real-time is a growing necessity. In Q2, we secured new Humio deals across multiple industries, including technology, healthcare, hospitality, and financial services.

Additionally, Humio is already off to a great start in Q3 with a seven-figure land and growing pipeline. The integration of Humio into our already market-leading XDR capabilities is on track, and we are encouraged by the growth opportunities we see in this area. We look forward to showcasing more of our leading XDR capabilities at Falcon in October. I will now highlight several of our cloud modules that are gaining exceptional traction with customers as the threat landscape has intensified.

First is Falcon Complete, our turnkey manage, detection, and response subscription. The heightened threat environment has put a significant strain on cyber resources and has exacerbated the skills gap in the industry. Recent reports indicate that over 3 million cyber jobs are unfulfilled, which is more than double the current number of professionals currently working in the field. Falcon Complete combines the advantages of our security cloud, the technology in our Falcon platform, and a team of threat hunters and responders to deliver gold standard security around the clock at scale with superior economics to organizations of all sizes.

This translates to stopping breaches that extend far beyond the prevention of malware and that leverage legitimate software or services, exploit system misconfigurations, or abuse legitimate credentials. In recent quarters, we have seen a significant increase in the Falcon Complete customer base, which has grown approximately 2.5 times year over year. Additionally, just last week, Falcon Complete was named a leader in IDC MarketScape for U.S. manage, detection, and response services.

Within the report, Falcon Complete was recognized for strength in its breach prevention warranty, fully remote automated remediation, breadth of threat hunting capabilities, and strong machine learning and artificial intelligence capabilities for detection and response. The next module on the Falcon platform I would like to highlight is Falcon Spotlight, which leverages the power of the cloud to provide real-time vulnerability assessment and AI to prioritize vulnerability remediation without impacting performance of the network or endpoint. Real-time vulnerability management is becoming a necessity for a proactive security posture given the continued targeting of core functionality and vulnerabilities in the Microsoft ecosystem and increase in zero-day exploits such as the recent Microsoft PrintNightmare vulnerability. Demonstrating the power of Falcon's network effect, we leveraged the massive amount of data and intelligence available in our security cloud in our AI model to predict that this newly discovered vulnerability would be exploited by adversaries.

Using this data intelligence allowed us to provide customers with real-time visibility into their exposure. Our ability to provide real-time vulnerability management significantly differentiates CrowdStrike, and it's directly attributable to the fundamental architecture of our cloud-native Falcon platform that enables us to collect data once and reuse many. We believe our success to date with Spotlight is an excellent illustration of our ability to leverage the CrowdStrike's security cloud to stop breaches and drive module adoption. Spotlight's ability to provide visibility in real-time into PrintNightmare exposure, without deploying new agents or scanning, was a significant driver of no-touch trials generated through the CrowdStrike's store.

Spotlight has also become strategic in the sales process, with a number of Spotlight customers growing more than 150% year over year in Q2. Next, I will briefly discuss Zero Trust. The recent Kaseya breach, which is reported to have impacted over 1,000 companies from a single breach, serves as a reminder to the far-reaching impact of a supply chain breach and the importance of a zero-trust architecture. It is also important to remember that most ransomware outbreaks have a compromised identity component.

Shoring off this threat factor is critical to stopping breaches and lateral movement. Customers are increasingly turning to a zero-trust solution to combat threat actors that leverage identity-based attacks and move laterally within their targeted environments. CrowdStrike has the only zero-trust solution on the market today that combines endpoint, workload, and identity visibility, and behavioral analytics to secure environments and prevent lateral movement. Moving to cloud.

More and more organizations are waking up to the fact that adversaries do not draw much of a distinction between targeting data on an endpoint versus a cloud environment. As an innovator in cloud security and operator of one of the largest clouds, organizations are turning to CrowdStrike to protect their cloud estates. I'd like to share with you a recent customer win that demonstrates how cloud-native organizations can leverage the Falcon platform to achieve best-in-class security that empowers their business model instead of clashing with it. A cutting-edge enterprise AI platform company and a member of the Forbes Cloud 100 was experiencing stability and scaling issues when trying to use a competitor's cloud security offering that was built through M&A.

As a company on a mission to reduce their own customer friction and deliver actionable intelligence, they felt it was critical that their security partner could match their speed and scale in the cloud instead of slowing them down. With these requirements in mind, this cloud innovator selected CrowdStrike for its ability to provide a fully integrated and fully managed cloud solution through a single pane of glass with a single team. This customer purchased Falcon Complete with Cloud Workload Protection and Falcon Horizon to fully manage both their traditional endpoints and cloud workloads. This new customer found immense value in Falcon's cloud offerings across their EC2 and AWS Fargate infrastructure, making CrowdStrike the perfect partner to scale with their business.

To summarize the power, breadth, and value the Falcon platform provides and the importance of building trust with customers, I will share two more customer wins with you. The first is with a large media company that was using a legacy provider and was hit with a severe ransomware attack that quickly spiraled across their business. They called on CrowdStrike services who leveraged both Falcon EDR for visibility, as well as our new module, Falcon Forensics, which automates the data collection and accelerates incident analysis, to help them quickly locate the root cause and take back control of their environment. Following remediation of this breach, this new CrowdStrike customer was eager to transform the security posture and adopted 11 Falcon modules, including Falcon Complete, Discover, Spotlight, Falcon X Recon, Cloud Workload Protection, and Falcon Zero Trust to proactively secure and fully manage their workstations, cloud workloads, and identity layer, as well as provide visibility into their IT assets and vulnerabilities.

Next is a customer when I spoke about earlier was one of the largest nonprofit healthcare organizations in the United States. Given this company is a nonprofit, budget really matters, but not at the expense of breach protection. This customer was looking to refresh its endpoint strategy and move away from their existing vendor, Cylance, given it lacks the focus, efficacy, and the customer service they have been promised. Without a security partner they could trust to protect them, they felt vulnerable as incidents were not identified or remediated at the speed required to stay ahead of today's threat actors.

The competitive bake-off initially included multiple next-gen and legacy vendors. The low-cost next-gen product was quickly eliminated because the system realized the overly prevention-focused approach was too similar to legacy tech. Ultimately, this customer chose CrowdStrike as their trusted security partner given Falcon's low false-positive rate, manageability at scale, ease of use, and performance that stood out prominently over all others. Additionally, our frictionless deployment was once again a key differentiator as Falcon was deployed across nearly 400,000 endpoints in just a few weeks.

Moving to our partners. As we have discussed before, we are a partner-first company and believe the rapid expansion of our partner ecosystem is a direct reflection of our growing leadership position. Partners naturally gravitate to market leaders as it helps them bring in new customers. And likewise, customer choice helps propel vendor prominence within the partner community.

Our leadership position is driving strong engagement [Audio gap] partners of all sizes, which is contributing to our growing presence among the highest levels, including boards and CIOs. For the first half of fiscal 2022, our partner-sourced ending ARR nearly doubled year over year. Investing in our partner ecosystem continues to be a key priority. In July, we teamed up with Telefonica Tech to bring the power of the Falcon platform to their hundreds of thousands of customers across Europe and North and South America.

Coupling CrowdStrike's Falcon with Telefonica's NextDefense MDR offering, our joint customers now have trusted and proven next-gen endpoint protection and world-class services. We are also excited to announce a new strategic alliance with Horizon. Through this collaboration, the CrowdStrike Falcon platform will be positioned as part of Horizon's business security portfolio to provide comprehensive endpoint and workload protection that spans prevention, detection, and response capabilities. Horizon business will be able to manage CrowdStrike through their manage, detection, and response and CRM services, and we are thrilled to team up with them to help joint customers stop breaches and reduce cyber risk.

In summary, I couldn't be more confident in our leadership position and opportunities for growth. I do not see another vendor in the market with our vision, platform, or ability to execute at scale. Our leadership as a trusted security platform of record and strong financial performance stands as a testament to CrowdStrike's dedication to innovation, protecting and delivering value to customers, and transforming the security industry. I'd like to thank every CrowdStriker for all that they do day in and day out to make us the best in the business.

With that, I will turn the call over to Burt to discuss our financial results in more detail.

Burt Podbere -- Chief Financial Officer

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers, except revenue, mentioned during my remarks today are non-GAAP. We once again delivered exceptional results. In addition to strong growth at scale, in the second quarter, we continued to maintain very high unit economics, drive leverage, and remain very capital efficient, generating strong operating and free cash flow.

Additionally, we continued to perform at a high level well in excess of the SaaS industry's Rule of 40 benchmark, once again achieving a Rule of 80. Demand in the quarter was broad based and well-balanced, fueled by strength in multiple areas of the business as we expand our leadership across the market from large enterprises to small businesses. We once again ended the quarter with a record pipeline, which we believe indicates a strong foundation for future growth. In the quarter, we delivered 70% ARR growth year over year to exceed $1.34 billion.

Rapid new customer acquisition, as well as expansion business within existing customers, drove substantial growth in the second quarter, once again resulting in very strong net new ARR, which came in at an all-time high of $150.6 million. Our dollar-based net retention rate was once again above our benchmark. Moving to the P&L, total revenue grew 70% over Q2 of last year to reach $337.7 million. Subscription revenue grew 71% over Q2 of last year to reach $315.8 million.

Professional services revenue was $21.9 million, setting a new record for the fourth consecutive quarter and representing 49% year-over-year growth. In terms of our geographic performance in Q2, we continued to see strong growth in the U.S., as well as international markets. Revenue growth in the U.S. was 73% and contributed approximately 72% of second-quarter revenue.

Approximately 14% of revenue was derived from Europe, Middle East, and Africa markets, 10% from Asia Pacific, and approximately 4% from other markets. Second-quarter non-GAAP gross margin was 76%, up more than 150 basis points from Q2 of last year. Our non-GAAP subscription gross margin was 78% and not more than 90 basis points from Q2 of last year. We're continued to be pleased with our strong subscription gross margin performance.

While we expect subscription gross margin to fluctuate quarter to quarter, we expect it to remain solidly within our increased target model range of 77% to 82% or more as we march to fiscal year 2025. Total non-GAAP operating expenses in the second quarter were $222.4 million, or 66% of revenue, versus $140.9 million last year or 71% of revenue. As planned, we continued investing aggressively in our business during the quarter, including increasing investments in new technologies, international geographies, and marketing programs. We believe the investments we are making today will lead to sustained growth over the long term and maintain our pole position as the trusted security partner of choice.

Scaling our business efficiently remains a top priority, which is why we intensely focus on our unit economics, including Magic Number. Our go-to-market engine is executing on all fronts to seize the strong demand we see in the market so we can help even more customers restore trust in their security posture. In Q2, we ended with a Magic Number of 1.4. Our continued exceptional unit economics speaks to the efficiency of our go-to-market engine and frictionless sales motion, which we specifically designed to rapidly onboard and support customers of all sizes.

It also indicates that we should increase investments in order to capture even more of the market opportunity at hand, which is exactly what we are planning. Second-quarter non-GAAP operating income was $35.3 million, and operating margin improved more than 6 percentage points over Q2 of last year to exceed 10%. Non-GAAP net income attributable to CrowdStrike in Q2 was $25.9 million or $0.11 on a diluted per share basis. Our weighted average common shares used to calculate second-quarter non-GAAP EPS attributable to CrowdStrike was on a diluted basis and totaled 238 million shares.

We ended the second quarter with a strong balance sheet. Cash and cash equivalents increased to approximately $1.79 billion. Cash flow from operations in the second quarter was $108.5 million, and free cash flow was $73.6 million or 22% of revenue. This brings our free cash flow as a percent of revenue to 30% for the first half of the year.

Moving to our guidance. We remain optimistic about the demand for our offerings, record pipeline, and the powerful secular trends fueling our growth. Given the growth drivers of our business, as well as our exceptional second-quarter performance and momentum into the third quarter, we are raising our guidance for the fiscal year 2022. While we do not specifically guide to ending or net new ARR, we expect seasonality in net new ARR to be less pronounced relative to prior years as we moved from Q2 into Q3 given our steady climb at a much higher scale in recent quarters.

Additionally, please recall that our net new ARR in Q3 of last year included approximately $6.8 million in acquired new ARR. For the third quarter of FY '22, we expect total revenue to be in the range of $358 million to $365.3 million, reflecting a year-over-year growth rate of 54% to 57%, with subscription revenue being the dominant driver of growth. We expect non-GAAP income from operations to be in the range of $29.4 million to $34.7 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $19.7 million to $25.0 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be in the range of $0.08 to $0.10, utilizing a weighted average share count of 240 million shares on a diluted basis.

For the full fiscal year 2022, we currently expect total revenue to be in the range of $1,391.2 million to $1,409.4 million, reflecting a growth rate of 59% to 61% over the prior fiscal year. Non-GAAP income from operations is expected to be between $138.5 million and $152.1 million. We expect fiscal 2022 non-GAAP net income attributable to CrowdStrike to be between $102.9 million and $116.5 million. Utilizing 239 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $0.43 to $0.49.

George and I will now take your questions.

Questions & Answers:

Operator

Thank you. [Operator instructions] Thank you. Our first question comes from Saket Kalia of Barclays Capital. Your line is open.

Saket Kalia -- Barclays Investment Bank -- Analyst

Hey, guys. Thanks for taking my question here. George, maybe for you. I was wondering if you could talk a little bit about the environment for big deals and what you're seeing out there.

You know, I think we all see the threat environment. I think you called it fierce in your prepared remarks. You know, I'm curious how you're seeing that sort of manifest itself in bigger commitments with [Technical difficulty]. Does that makes sense?

George Kurtz -- President and Chief Executive Officer and Co-Founder

Sure. Sure. Good to hear from you. So, as you indicated and as I talked about in the prepared remarks, the threat environment, again, continues to get worse.

We've seen a lot of the ransomware attacks and what it's done. And in particular, it has impacted business resiliency. It's no longer the case of encrypted computer and, you know, Reimage, and carry on. It's impacting massive amounts of business and costing hundreds of millions of dollars.

And I can tell you, I've done more board briefings in the last two months than I've ever have. Seems like one a week to audit committees on this topic, particularly ransomware. When you look at big deals and how does this kind of translate? When you look at these big deals, we're talking about the media company, that was 11 modules that we've landed with. So, big lands and some real big commitments from customers saying we want all in on your platform, we want all in on Humio, and we spent a lot of time consolidating other technologies and removing agents, and driving value to customers.

So, the big deals, the big enterprises, the big lands continue to be there. And I think we continue to get stronger and stronger every quarter in these areas.

Saket Kalia -- Barclays Investment Bank -- Analyst

Got it. Very helpful. Thanks, George.

George Kurtz -- President and Chief Executive Officer and Co-Founder

Thanks.

Operator

Thank you. Our next question comes from Sterling Auty of JPMorgan. Your line is open. 

Sterling Auty -- JPMorgan Chase & Co. -- Analyst

Yes, thanks. Hi, guys. So, since SentinelOne went public, I think the No. 1 question I still get is what's happening with market share and what's the kind of competitive win rates, especially in different market segments as you look to go downmarket? I wonder if you could just kind of comment on what you're seeing.

George Kurtz -- President and Chief Executive Officer and Co-Founder

Sure. Good to hear from you, Sterling. We've actually seen an increase in our win rates across the board, legacy and next-gen. You know, obviously, we spent a lot of time in the enterprise, but we have a very robust mid and SMB business, and we've seen strong results across the board.

You know, there's a lot of noise, but I think you have to look at the numbers that we put up on the board. And, you know, one quarter of our net new ARR is probably 94% of their total ARR. So, you know, when we think about this, it's a big market. Customers have a lot of choice.

And, you know, they're focused on breach prevention, not just detecting malware. And I think our platform, our ability to scale, our ability to get immediate value on rollout, and manageability, these are all things that are really important to not only large enterprises but also to the small and SMB customers out there. So, that's what we've seen so far. 

Sterling Auty -- JPMorgan Chase & Co. -- Analyst

Makes sense. Thank you. 

Operator

Thank you. Our next question comes from Brent Thill of Jefferies. Your line is open. 

Unknown speaker -- Jefferies -- Analyst

Hey, guys. This is Joe on for Brent. Really appreciate the question. Maybe if you look out over the next 18 months, can you just rank your growth drivers? Is there any low-hanging fruit still there in core endpoint or is it going to come from, you know, XDR, the Humio, or is there international opportunity? Any color there will be helpful. 

George Kurtz -- President and Chief Executive Officer and Co-Founder

I think it's across the board. You know, we're still in the early innings. If you look at the number of customers we have, you know, 13,000 and change versus some of our legacy competitors, they have over 100,000. I mean, still lots of customers that are out there.

When you look at things like XDR and you look at Humio, amazing growth drivers for us. When you look at cloud, you know, we've done a lot of work on that. Last year, we did a little analysis on the opportunity. We think it's really undersized from a MarketScape perspective, if you will, from the analyst.

And then when you look at things like identity. You know, we're the only folks that have a zero-trust identity module that came from Preempt. That's it. We're the only endpoint folks that have that.

So, that's been extremely successful for us. And when you look at the attacks, a lot of them are identity-based. And you switch that to identity being abused in the cloud and our Falcon Horizon module, which has done an amazing job. And, you know, we've seen amazing traction with that.

So, I think there -- you know, there's pockets of opportunity, broad-based across all the modules, across all the geographies, and the momentum begets momentum. You know, we really have become the go-to company in this space, and that gold standard brand reputation has served us well. 

Unknown speaker -- Jefferies -- Analyst

Thank you.

Operator

Thank you. Our next question comes from Rob Owens of Piper Sandler. Your line is open.

Rob Owens -- Piper Sandler -- Analyst

Great, and thank you for taking my question. George, to follow up there in terms of the growth drivers, could you double click on the XDR opportunity and whether this is the tip of the spear for customers or you're able to go back into the installed base? I guess the spirit of the question is are you seeing clients be reactionary still at this point given the breach environments or they are starting to get more strategic in terms of how they're deploying those security dollars? Thanks.

George Kurtz -- President and Chief Executive Officer and Co-Founder

Yeah, I think they are becoming more strategic, and that's a lot of what we focus on. How do we consolidate? How do we become the platform of record like we have in many other companies for them? And how do we eliminate, you know, cost and complexity of what they have? When we think about XDR, it's really advanced threat detection. We've been doing that for a long time. And now, you're combining that with other people's data as well.

So, it's fantastic. You know, that's a great growth driver. But, you know, we still have the Humio log management product as it is, right? And obviously, there'll be more integration with that in our platform, but that is an amazing product that allows you to log everything all of the time and answer any question in real-time. So, you know, there are two -- kind of two different products if you will.

And between the two of them, as I mentioned, you know, we have a seven-figure land in Q3. You know, I think, really, we're just in the early innings. I'm so excited about that technology, and I can't wait to see how everything unfolds over the next couple of quarters.

Operator

Thank you. Our next question comes from Matt Hedberg of RBC Capital Markets. Your line is open.

Matt Hedberg -- RBC Capital Markets -- Analyst

Great. Thanks a lot for taking my questions, guys. George, you know, I noticed you launched Falcon Complete for GovCloud this quarter. Can you remind us of your exposure to U.S.

Fed, and maybe how you guys are uniquely positioned to take share in kind of the overall public sector vertical?

George Kurtz -- President and Chief Executive Officer and Co-Founder

Sure. Well, we kind of lump state, local, and federal altogether. Obviously, fed is a big focus for us. And when we think about what's happening in the current environment and some of the moves that are being made in Washington, we think our technology is uniquely suited for solving some really big problems in those areas.

We've seen success in the civilian agencies. And we're all processed for IL4 certification, we're just waiting on the government to approve that. And that allows us into other higher classified areas if you will. So, that is a, you know, a segment that takes a lot of time and effort.

And, you know, the government doesn't move so fast. But we've made great strides there and, really, across the board, state and local as well. I mean, we've got some amazing, you know, states that are customers, many of them in local government. So, you know, as we look at those in totality, we've done tremendously well there, and we still think we're in the early innings.

Operator

Thank you. Our next question comes from Tal Liani of Bank of America. Your line is open.

Tal Liani -- Bank of America Meriill Lynch -- Analyst

Hey, guys. Congrats on a great quarter. I have two questions on the market. When we discuss with distributors, there are two things that come up, and I want to ask you about the importance of automation and that's specific in relation to the selling point of SentinelOne.

And second about the price difference between you two. As far as I understand, and please correct me if I'm wrong, they compete with you with a lower price solution. Is price a significant factor in the sales process? Thanks.

George Kurtz -- President and Chief Executive Officer and Co-Founder

Sure. You know, I think if you buy into the marketing hype, that's one thing. But if you look under the covers, we have more automation by far than any other competitor, including S-One. I mean, that's how we get the scale.

That's why the product is easily deployed. That's why, you know, we can drive cost out of the customer base because it does it automatically. When you look at the totality of all the services, again, we're focused on stopping breaches, not just -- you know, we didn't come from a malware product that we tried to bolt on other pieces. We built this from the ground up.

So, on the pricing standpoint, you know, we sell on value, and we routinely win with a higher price point because the product works. It doesn't blow up machines. It's scalable. And, you know, people are talking to other customers, saying, what are you using and how is it working? And, you know, again, we're focused on stopping breaches, not just dealing with malware.

And I think that that served us well. So, you know, low-cost options, I think you get what you pay for. You know, there's a difference between a Fiero and a Ferrari. And, you know, we happen to be the Ferrari model, and that's what a lot of customers want.

Tal Liani -- Bank of America Meriill Lynch -- Analyst

Do you feel any pricing pressure in the market or we're not yet at this stage?

George Kurtz -- President and Chief Executive Officer and Co-Founder

You know, I mean, there's always going to be competitive deals that are out there, whether it's, you know, next-gen competitors or legacy players, and you have to play each deal by ear if you will. But at the end of the day, you know, we're going to compete on value, which we have. And, you know, I can tell you, there's a lot of deals we win when we're higher priced than our competitors. And I think the product is differentiated enough and true platform.

You know, when you look at the technology, you know, only one with the Forensic modules, only one with the Identity module. We've got, you know, amazing growth in Spotlight, you know, vulnerability -- predictive vulnerability management. So, when you strip out all the PowerPoint and noise, you've got to look at what really works and what are big customers focused on rolling out, and it's CrowdStrike.

Tal Liani -- Bank of America Meriill Lynch -- Analyst

Got it. Thank you.

Operator

Thank you. Our next question comes from Brian Essex with Goldman Sachs. Your line is open.

Brian Essex -- Goldman Sachs -- Analyst

Yeah, good afternoon. Thank you very much. Thank you for taking the question. Maybe, Burt, you know, because we see you kind of like, you know, inching downmarket.

How do you think about the model from the perspective of, you know, giving investors comfort that you can maintain retention rates module adoption margins? What are the difference in dynamics? And do you have a sense of, I don't know if you can quantify, the mix and what you're seeing through the model?

Burt Podbere -- Chief Financial Officer

You know, when you -- I think the first thing you got to look at is the new logos, right? So, we saw acceleration in new logos, and a lot of that is coming from downmarket. And so, what you see in downmarket is you see folks that, you know, can come in quickly. We've taken out friction from the system to be able to allow onboarding to be really smooth, efficient. And then they're getting a tremendous amount of value in the downmarket.

And, you know, certainly, when, you know, folks in the SMB space, if they choose our Falcon Complete offering, which we monitor, you know, mediate -- we remediate, you know, directly for them, they see the value in terms of filling that skills gap as well. And so, that, you know, talks to the retention rates that we're seeing with respect to downmarkets. So, very optimistic about our opportunities in downmarket. We've done really well overall, and we continue to win, you know, our unfair share in that segment. 

Brian Essex -- Goldman Sachs -- Analyst

OK. Super helpful. Thank you. 

Burt Podbere -- Chief Financial Officer

Sure.

Operator

Our next question comes from Alex Henderson of Needham. Your line is open.

Alex Henderson -- Needham & Company -- Analyst

Great, thanks. I was hoping you could talk a little bit about the average deal size in your pipeline across strata. In other words, if I look at enterprise to enterprise, mid-market to mid-market, and, you know, the lower end to lower end, are your deal sizes increasing across the pipeline, and did it happen in the most recent quarter? And similarly, with the -- all of these attacks that we've been seeing, can you talk a little bit about the other key metrics such as time to close and the overall strength of the pipeline? Has the attack, you know, rate had caused an uptick in those three metrics? Thanks. 

Burt Podbere -- Chief Financial Officer

Thanks, Alex. So, first, let me comment that, again, as I said in the prepared remarks, we've seen, you know, record momentum in the business, you know, heading into the second half. So, we're excited about that. And, you know, that's an accumulation across the board in all the segments.

You know, for us, we don't give out specifics, you know, into each of those different segments. But what we can tell you is that, you know, we're landing with more modules, you know, in the SMB all the way up to enterprise. You know, you can refer to George's comments about that one deal that had 11 modules. And so, we're seeing more and more of that.

And that's also evidence and as you look at the adoption rates of our modules. You know, every quarter that we talk about adoption rates, they keep going up. You know, and I think that's a testament to the strength of the platform. It talks to the fact that more and more customers want to buy our platform as opposed to point solutions.

And, you know, soon, we're going to be giving out data on, you know, no longer four, five, six but five, six, seven modules because the fourth module is going to be, you know, virtually the same as the third as, you know, in terms of adoption rates. So, you know, we're continuing to see momentum, you know, across the board, and we're seeing, you know, those adoption rates continue to tick up because of folks trying to -- customers trying to, you know, buy the platform, which is all integrated and inflated for them. So, that's what we're seeing, Alex.

Alex Henderson -- Needham & Company -- Analyst

Any comment on time to close, the length of time to close deals?

Burt Podbere -- Chief Financial Officer

Yeah, I'll just comment that, you know, we generally don't talk about that. But we've talked about in the past, you know, where we've had large enterprise deals that, you know, closed over weekend. And, you know, we still see some of those. That's not obviously every case.

But, you know, we're seeing, you know, customers come to us, you know, obviously more frequently by the number of logos, and some are closing really, really rapidly. And, you know, even, you know, seven-figure deal type of customers.

Alex Henderson -- Needham & Company -- Analyst

Great, thank you. 

Burt Podbere -- Chief Financial Officer

Sure.

Operator

Thank you. Our next question comes from Ittai Kidron of Oppenheimer. Your line is open.

Ittai Kidron -- Oppenheimer & Co. Inc. -- Analyst

Thanks. Hey, guys. Great quarter. Not that growing 64% is bad and in your international business on a year over year basis.

But with it being only 28% of revenue, why is it growing still slowly than the U.S.? George, maybe we could talk about the international progress, your priorities there? And is there a different go-to-market approach perhaps you need in order to really unlock the opportunity internationally?

George Kurtz -- President and Chief Executive Officer and Co-Founder

Yeah. So, when we look at international growth, you know, I think if you're going to look at how strong the U.S. has been. So, you know, when you look at the U.S.

growth, it's been on fire for sure. And internationally, I think that's -- you know, you always continue to build out your capacity there, your partner network, and that's a key piece. We're just more mature in the U.S. and we have more mature partners.

So, we continue to focus on that. I think we've had some really great international wins, some big players that are out there. And, you know, we continue to focus on the key areas and the key geographies. I don't know, Burt, if you have any other comments on that piece?

Burt Podbere -- Chief Financial Officer

Yeah. So, I mean, this goes back to the fact that we're looking to continue to invest aggressively, and international markets is one of those areas. I think we've got, you know, opportunity out there to take more share. You know, when you compare it to the U.S., you know, we have a high-grade problem where the U.S.

is still really super strong. And as George already mentioned, you know, we're still in early innings, and it's a number of logos and customers that we have, 13,000. You know, it's great. We're really proud of that.

But it's a drop in the ocean when you compare it to, you know, some of the legacy players that we have over -- that have had over 100,000 customers. So, we think about that opportunity internationally to be out there, and we're going to aggressively go after it. 

Ittai Kidron -- Oppenheimer & Co. Inc. -- Analyst

OK, good. Good luck. Thanks.

Burt Podbere -- Chief Financial Officer

Thank you.

Operator

Our next question comes from Gray Powell of BTIG. Your line is open.

Gray Powell -- BTIG -- Analyst

All right, great. Thanks for taking the question, and congratulations on the strong results. So, yeah, earlier this year, you all seem pretty excited about the potential to gain incremental customers against Microsoft. I know you had some comments in the prepared remarks, and obviously, the headlines on Microsoft have not been particularly great this year in security.

So, yeah, just how are you seeing that opportunity play out, and how big do you think it could be?

George Kurtz -- President and Chief Executive Officer and Co-Founder

Sure. So, obviously, you know, Microsoft, you have to take seriously as a competitor, which we do for all our competitors. And it's a big market. I think when customers are looking for, you know, that Salesforce of security, they're coming to CrowdStrike fully integrated, covering multiple operating systems, and, you know, again, focusing on stopping breaches.

And, you know, there has been a lot of talk, again, at the audit committee around risk in a monoculture. And customers are becoming more and more uncomfortable with putting their eggs in one basket. So, you know, I think we have a great opportunity there. We highlighted some of the big wins.

You know, and at the other day, Microsoft is Microsoft. They're going to get customers. But I think, you know, with the best platform, the best technology, you know, our results speak for themselves and what we've been able to do. And customers, again, want that ease of use, ease of deployment, and just have it work.

Gray Powell -- BTIG -- Analyst

Got it. That's really helpful. Thank you.

Operator

Thank you. Our next question comes from Gregg Moskowitz of Mizuho. Your line is open.

Gregg Moskowitz -- Mizuho Securities -- Analyst

OK. Thank you for taking the question, and very good quarter. I had a follow-up on Falcon Complete, which I think you mentioned has a customer base up to 2.5X in recent quarters. And, you know, similarly, we're hearing that demand has really been spiking for the solution over the past few months, including among larger organizations.

And so, you know, with that in mind, can you talk about your expectations for adoption of Complete going forward across both large enterprises and governments?

George Kurtz -- President and Chief Executive Officer and Co-Founder

Sure. It's a great question. And when we originally built Complete, we thought it would be built for certain mid-market customer that, you know, maybe had one security person or none or a half. And the reality is it's -- you know, we're selling it to the smallest SMBs all the way up to the largest enterprises.

You know, one of our largest enterprise customers is a Falcon Complete customer because the economics are so good for them. You know, when you look at -- again, getting back to automation. The automation we've built in is second to none in how we operate the service. When you look at that, we can really drive the cost down for our customers and provide a very high touch engagement with them, which is what they were looking for.

Again, stopping breaches, being able to identify threats very quickly, and remediate them very quickly outside of any of the other automation that we have. So, that level of engagement is something that truly differentiates us. And when you even think about the sort of market, you know, it's a little bit more than MDR, but we were doing this before MDR was even coined a term. So, we have a lot of experience here that pales in comparison to our competitors.

Gregg Moskowitz -- Mizuho Securities -- Analyst

Terrific. Thank you.

Operator

Thank you. Our next question comes from Mike Walkley of Canaccord Genuity. Your line is open.

Mike Walkley -- Canaccord Genuity

Great, thanks. Congratulations on the net new customers. I was wondering if you could share roughly the number of modules on average that new customer chooses today versus a year ago. And also, how does the percent of multiyear deals improving as shown by the strong RPO metrics?

Burt Podbere -- Chief Financial Officer

Thanks, Mike. Good question. So, you know, we don't give out the specific numbers, you know, how many modules each customer gives. But we do give out the percentage of customers with four, five, and six-plus modules, which are respectively 66, 53, and 29.

And that's been increasing quarter over quarter. And so, that's just drive -- a positive testament of our ability to continue to sell the platform. And, you know, we're -- we are, you know, focused on continuing to build out the platform and to, you know, give customers more and more choice in terms of what they have available to them. And, you know, at the end of the day, George has talked many times about, you know, hey, we're going to make this thing, you know, seamless for you to deploy, and at the end of the day, easy to manage.

And when you combine those things, you know, it just makes it easier for customers to adopt. And so, you know, going back to our earlier comments about, you know, the ability to, you know, to scale and the ability to drive customer adoption, it all comes back to, you know, making it easy for the customer. And we're very focused in that area. And that's part of our core and part of our DNA, and we'll never going to take our eye off that.

Just that, you know, similar that we're never going to take our eye off of efficiency, right? Unit economics matters. However, we do know that we've got this opportunity in front of us to be able to go after more market share, and we're going to invest, you know, in that area to be able to go after more and more, you know, new logos, you know, as we continue our journey.

Mike Walkley -- Canaccord Genuity

Great. Thank you. 

Operator

Thank you. Our next question comes from Erik Suppiger of JMP Securities. Your line is open. 

Erik Suppiger -- JMP Securities -- Analyst

Yeah, thanks for taking the question, and congrats on a good quarter. Excuse about the CrowdStrike's store, that's been -- it's been adding partners since the IPO certainly. I was wondering, can you try to quantify or give us some context in terms of what revenue opportunity that is? And then also, I think Rapid7 and Siemplify were a couple of partners you highlighted. Can you talk a little bit about where your organic capabilities end and where they pick up, you know, with the Humio technology with Siemplify and the Spotlight with the Rapid7?

George Kurtz -- President and Chief Executive Officer and Co-Founder

Sure. So, from a partner store perspective, it's, I think, been very well received by customers. They love the integration. And again, part of the strategy that we have with a single agent -- single data store with Threat Graph and what I would call beachfront real estate is customers don't want more agents, they want less, and they trust their agent.

It's there. They know its performance, and it works. So, the whole idea, again, is how do we leverage that architecture almost, you know, agent as a service, if you will, for other partners. So, that includes data integration, being able to interact with our agents, things of that nature.

We've done that for, you know, many of the partners that are out there. And it's really based on customer demand. Do they want the technology that they're using, they want to integrate, and some of the names you mentioned, you know, fall into that area. When we think about Spotlight and its capabilities, you know, we are replacing a lot of other agent-based VM technology that's out.

And again, remember, we don't do the network scanning piece. We think that's big to monetize. And what customers are looking for, and we highlighted this with the PrintNightmare vulnerability that Microsoft had, they want push button results instantly, which we give them. And now, using AI, we can actually prioritize what vulnerabilities are most likely to be exploited, which really helps the IT ops team.

So, we've got tremendous capabilities in those areas. And Humio is -- you know, again, it's just been a shining star for us. There hasn't been a customer or prospect that I talk to that haven't been, you know, extremely impressed with the capabilities there. So, we'll be leveraging that as, you know, part of integrations for the store, and I think, you know, we're still in the early innings there.

And, you know, that can be any, you know, out here as a big driver of revenue for us. But right now, it's very strategic and make sure our customers are happy.

Erik Suppiger -- JMP Securities -- Analyst

Thank you.

Operator

Thank you. Our next question comes from Patrick Colville of Deutsche Bank. Your line is open. 

Patrick Colville -- Deutsche Bank -- Analyst

Thank you for taking my question. I guess my question is about AV. You know, one of things we get a lot of incoming on is how thought true that AV displacement [Inaudible] you know, in kind of mid-2021? Would you say that based on the kind of conversations you were having with customers and potential customers that we're kind of in the late innings of that process or is this still kind of a lot to go and we are in the early innings? I mean, that would be helpful. Thank you.

George Kurtz -- President and Chief Executive Officer and Co-Founder

Sure. I still think we're in the early innings. Again, if you look at our customer count versus McAfee or Symantec or Trend, you know, it's, again, impressive for a younger company but still pales in comparison to all the customers that they have. So, it's an ongoing effort.

It's a multiyear effort. You know, lots of tailwinds there for us. And that's -- you know, that's in the enterprise. And when you get down to the SMBs, the mid-market, you got a ton of other players that are out there.

Too many to mention here. So, that's always going to be an ongoing opportunity for us. And in my opinion, it's still very early innings. And I know that from the big deals that we're doing, and, you know, the McAfee, the Symantec replacements.

I mean, it just happens every quarter, kind of like clockwork. 

Patrick Colville -- Deutsche Bank -- Analyst

And can I add on, I mean, when -- you know, when do you think we'll get to the late innings of that displacement? Is it like -- doing -- kind of put you on the spot and get forward guidance, but is it like anytime soon, or is it quite far out?

George Kurtz -- President and Chief Executive Officer and Co-Founder

Personally, I think it's far out because, you know, you have to look at the renewal cycles for many of these customers, right? It could be a year or two years or three years, and it's always ongoing. And, you know, I would look at the customer count, compare that to other players that are out there, and that'll give you a good idea of where we are versus, you know, what's available to us. 

Patrick Colville -- Deutsche Bank -- Analyst

Thanks so much.

Operator

Thank you. And this does conclude the formal part of the conference call. I would turn the call back over to George Kurtz for closing remarks.

George Kurtz -- President and Chief Executive Officer and Co-Founder

Great. I want to thank all of you for your time today. We certainly appreciate your interest and look forward to seeing you virtually at our upcoming investor events. Thank you.

Be safe and have a great day.

Operator

[Operator signoff]

Duration: 60 minutes

Call participants:

Maria Riley -- Vice President, Investor Relations

George Kurtz -- President and Chief Executive Officer and Co-Founder

Burt Podbere -- Chief Financial Officer

Saket Kalia -- Barclays Investment Bank -- Analyst

Sterling Auty -- JPMorgan Chase & Co. -- Analyst

Unknown speaker -- Jefferies -- Analyst

Rob Owens -- Piper Sandler -- Analyst

Matt Hedberg -- RBC Capital Markets -- Analyst

Tal Liani -- Bank of America Meriill Lynch -- Analyst

Brian Essex -- Goldman Sachs -- Analyst

Alex Henderson -- Needham & Company -- Analyst

Ittai Kidron -- Oppenheimer & Co. Inc. -- Analyst

Gray Powell -- BTIG -- Analyst

Gregg Moskowitz -- Mizuho Securities -- Analyst

Mike Walkley -- Canaccord Genuity

Erik Suppiger -- JMP Securities -- Analyst

Patrick Colville -- Deutsche Bank -- Analyst

More CRWD analysis

All earnings call transcripts