CrowdStrike Holdings, Inc. (NASDAQ:CRWD) Q1 2021 Earnings Conference Call Highlights Summary
George Kurtz, President & CEO
I will start by summarizing three key points. First, CrowdStrike delivered another exceptional quarter with results well exceeding our expectations across the board, including generating non-GAAP operating income for the first time. Our strong performance demonstrates our ability to execute at peak levels and protect our customers even in light of a global crisis. Second, we believe work from home and digital transformation are sustainable trends for our business. It is mission critical to protect workloads irrespective of where they are located on or off the corporate network. We believe these trends have helped increase our leadership in the security cloud category that we pioneered. And third, we continue to win new logos as companies are rapidly pivoting away from on-premise legacy technologies and moving to cloud-native architectures that provide prevention, visibility, and control on a single platform. Additionally, the competitive environment has evolved to our favor as market share of the incumbents continues to erode.
Now, let’s discuss our results and get into these topics in more detail. With strength in multiple areas of the business, we added $86 million in net new ARR in the first quarter, which was ahead of our expectations, and year-over-year we increased the number of net new subscription customers by 105%, achieving 89% subscription revenue growth and 85% total revenue growth. We started and finished the quarter with strong momentum even though many of the shelter-in-place orders in the U.S. were enacted midway through our quarter.
Overall, we saw good deal flow among both large and SMB customers that span multiple industries as the secular tailwinds fueling our growth remained very strong. We continue to win business with large enterprises and closed the vast majority of this quarter’s 7-figure deals in the second half of the quarter after the shelter-in-place orders were in effect, which is consistent with prior quarters. We also saw strong contributions across our key geographies, which included achieving our second largest quarter in EMEA.
Additionally, our gross retention rate remained consistently high and our dollar-based net retention rate once again exceeded 120%. We also continued to expand module adoption within new and existing customers. This quarter, the percentage of all subscription customers with four or more modules increased to 55%, and those that adopted 5 or more cloud modules grew to more than 35% of our customer base. We are partnering with our customers as they navigate a heightened threat environment and uncertain economic realities. In the first quarter, this included extending special terms to a few customers in impacted industries.
Another way we are helping customers is with the two initiatives we launched to help our customers quickly onboard new remote workers without sacrificing protection or having to worry about a procurement cycle as we discussed in March. This included a surge relief plan that allows our customers to search the number of endpoints for a limited time. Additionally, we launched a Falcon Prevent for Home Use program that allows company administrators to install Falcon Prevent on their employees’ home systems. These free-of-charge offerings have been well received with over 250 customers taking advantage of these work-from-home and search programs, which have led to significant new opportunities for CrowdStrike.
Also discussed in March, we implemented several measures early on to help ensure the health and safety of our employees around the globe. This included restricting all travel and transitioning 100% of our workforce to be remote. As we expected, this transition was seamless given that approximately 70% of our team is normally remote. We remained on track with our hiring plans. In fact, we had a record number of accepted offers and a surge in new applications. Customer engagement has remained high, and Mike Carpenter, CrowdStrike’s President of Global Sales and Field Operations, and I kicked off our 100-by-100 international virtual customer tour. The team’s efforts are paying off as we saw a strong increase in new business meetings in the quarter compared to Q1 of last year and we ended the quarter with a record pipeline.
Overall, I could not be more pleased and inspired by the superior execution and dedication to our customers by every CrowdStriker. Now more than ever, it is important that we step up, fight the good fight with our customers, and stay ahead of the adversaries. The COVID-19 pandemic has created a breeding ground for cyber crime. The past couple of months have represented one of the most active threat environments we have ever seen. The threat environment is even more heightened for healthcare and frontline organizations as they contend with increased remote workers, limited staff, and increased patient care needs. We enabled our customers to stay ahead of these threats whether they are at home, in the office, or in the cloud.
I would like to take a moment to share a few quotes from customers on the frontline that showcases how CrowdStrike is helping them navigate their new normal. The CISO of a leading national health institute wrote “Words cannot express how grateful I am that we have CrowdStrike Falcon deployed to our systems and that Falcon OverWatch has our back. As we faced unprecedented attacks, one thing remains consistent. We are able to defend our public health mission because of CrowdStrike.” And the CISO of a non-profit healthcare system operating in six states said “Big thanks to CrowdStrike and the OverWatch team for having our backs during this latest activity. Please pass along the kind words of our CEO and CFO to your folks as well as my appreciation for helping us avert a cyber incident during a hugely trying time for our healthcare system.”
Cybersecurity is mission critical; and even in this challenging macroeconomic backdrop, customers have continued to prioritize cybersecurity investments. This includes those customers and industries most impacted by shelter-in-place orders such as airlines and hospitality. In addition to effective and superior cybersecurity, CIOs and systems are looking for a strategic partner to help them easily accommodate a remote workforce, simplify their operations, bridge the skills gap, and reduce cost. To emphasize this point, I will share a quote from a Global 2000 customer in a highly impacted sector. “Our adversaries will be more motivated than ever to harm us now when they think we may not be paying attention. We simply cannot afford to have an intrusion and CrowdStrike is the most effective, most capable technology any of us have ever used or seen. It’s the linchpin of our security program.”
Additionally, IT and security teams are looking for ways to easily and remotely solve new problems inherent in work-from-home and hybrid models. The security challenges associated with a remote or hybrid workforce are best solved by a cloud-native platform that aggregates and analyzes data in the cloud, operates at web scale, leverages network effects to produce superior outcomes, and importantly is easy to deploy and simple to manage on a fully remote basis. This describes the security cloud, a new category that we have pioneered. Because the Falcon platform is cloud-native and our lightweight agent does not require a reboot, customers can easily and remotely deploy, manage, and protect their workloads at scale irrespective of where their employees are located. The real-time response capabilities in the Falcon Discover for IT operations module enable customers to remotely run a wide variety of commands on any endpoint of workload, which is now more important than ever.
We are seeing demand for Falcon Discover from IT teams that are turning to CrowdStrike to remotely self challenges such as configuration management, emergency patching, and password resets. At the end of Q1, 45% of our customers have adopted Falcon Discover for IT operations. Additionally, Falcon for mobile has seen strength as major school districts looked at secure mobile devices for remote education. The CrowdStrike Falcon platform uniquely provides integrated and simplified protection across both enterprise and personally-owned endpoint devices without having to rely on third-party elements.
To help quickly onboard newly remote employees, some companies have spun up new corporate workspaces in the public cloud creating new cloud workloads. Over the past year, CrowdStrike has seen an increase in the volume of transactions through AWS, which includes customer securing their cloud workloads as well as endpoints that reside on the customer’s corporate network. We saw a 75% increase in ending ARR from business transacted via the AWS partnership compared to the prior quarter, Q4.
More broadly on the partner front, we have continued to see significant demand. Partners across the globe are increasingly turning to CrowdStrike as their partner of choice as Symantec abandons large segments of the market and customers desperately need to protect the remote workforce. This is contributing to the strength of our pipeline with accepted deal registrations for partners increasing over 200% in Q1 compared with the same quarter last year. CrowdStrike’s mission, platform and brand are clearly resonating with customers and partners as we continue to see a very favorable competitive landscape as we discussed last quarter.
Let me share a couple of customer examples that demonstrate how the power of the Falcon platform translated into strategic customer wins and provided immediate value. The first customer win is with a leading European logistics company that was looking to mature their security program beyond signature-based AV and to consolidate schools across their subsidiaries. CrowdStrike was able to provide both leading prevention capabilities and a simpler solution with a single agent. One option this organization considered was to build out their own security operation center, but they quickly realized that by purchasing Falcon Complete, our fully managed and highly automated endpoint offering, the time to value was just seven days as opposed to a minimum of six months to 12 months. During the sales process, we prevented a ransomware incident on machines where we were installed and helped them remediate the incident across the organization on machines, where we had not yet been deployed. This new CrowdStrike customer also took advantage of our COVID-19 relief first licensing program as they needed to purchase and provision additional laptops to enable remote working. This further validated the company’s decision to purchase 7 modules that included security IT operations and threat hunting modules in a large ARR deal for our inside sales team.
The next story demonstrates how CrowdStrike helped a major food conglomerate standardized on the Falcon platform replace 4 other vendors and significantly streamlined their operations. The company has dozens of subsidiaries that were using different tools and they were looking to consolidate, streamline and improve their security posture. CrowdStrike stood out against an entrenched incumbent by demonstrating the Falcon platform’s ease-of-use, increased level of protection and low impact to system performance with a large initial purchase, this customer adopted Falcon Prevent for next-gen AV, Falcon Insight for visibility, and Falcon Discover for IT operations and is actively moving towards expanding into additional modules across IT operations use cases.