CrowdStrike Q2 2024 Earnings Analysis

Dive into $CRWD CrowdStrike’s Q2 2024 earnings with review of financial performance, key metrics, operating expenses, dilution, customer growth, future outlook

Financial Results:

↗️$964M rev (+31.8% YoY, +33.0% LQ) beat est by 0.6%

↗️GM* (78.4%, +0.8 PPs YoY)🟢

↗️Operating Margin* (23.5%, +2.3 PPs YoY)

↗️FCF Margin (28.2%, +2.4 PPs YoY)

↗️EPS* $1.04 beat est by 7.2%🟢

*non-GAAP

Key Metrics

➡️DBNR 120% (120% LQ)

↗️ARR $3.86B (+31.9% YoY, +218 net new ARR)🟢

↗️RPO $4.90B (+36.1% YoY)

➡️Billings $988M (+18.3% YoY)🟡

Customer Engagement with Multiple Modules

➡️% of customers using 5+ Modules (65%, 65% LQ)

↗️% of customers using 6+ Modules (45%, 44% LQ)

↗️% of customers using 7+ Modules (29%, 28% LQ)

Operating expenses

↘️S&M*/Revenue 30.5% (-1.0 PPs YoY)

↘️R&D*/Revenue 18.0% (0.0 PPs YoY)

↘️G&A*/Revenue 6.3% (-0.4 PPs YoY)

Quarterly Performance Highlights

↗️Net New ARR $218M (+11.0% YoY)

↗️CAC* Payback Period 20.9 Months (17.6 LQ)

Dilution

↗️SBC/rev 21%, +1.0 PPs QoQ

↗️Basic shares up 2.6% YoY, +0.1 PPs QoQ

↘️Diluted shares up 3.8% YoY, -0.2 PPs QoQ

Guidance

↘️Q3'24 $979.2 - $984.7M guide (+24.9% YoY) missed est by -2.8%🔴

↘️$3,890.0 - $3,902.2M FY guide (+27.5% YoY) lowered by -2.7% missed est by -1.6%🔴

Key points from CrowdStrike’s Second Quarter 2024 Earnings Call:

Incident Financial Impact:

The incident occurred in the final weeks of Q2, impacting sales closure, but CrowdStrike still reported robust Q2 results. Incident delayed some deal closures which were expected to close during the quarter.

The company estimated a $60 million impact from its "customer commitment packages" on net new ARR and subscription revenue for the second half of the fiscal year, split evenly between Q3 and Q4 ($30 million each quarter).

Incident Acknowledgment:

George Kurtz, President and CEO, began by apologizing to all stakeholders affected by the Channel File 291 Incident, acknowledging the disruption caused and expressing gratitude towards customers, partners, and the cybersecurity community for their support during the crisis.

Immediate Response:

CrowdStrike activated its crisis response plan immediately after the incident, focusing on clear and proactive communication through various channels including their website, social media, emails, and phone calls to keep stakeholders informed.

Technical teams developed automated recovery techniques to expedite the response process, with the goal of restoring impacted devices quickly and transparently.

Enhancements to Falcon Platform

Content Visibility and Control: Introduced enhanced content control configurations allowing customers to choose when and where new Falcon content is deployed, providing granular controls to prevent future issues.

Content QA Enhancements: Deployed an improved content validator and content interpreter, which had previously malfunctioned, to ensure that only correct and validated content is released.

External Review and Validation: Engaged two independent third-party software security vendors to conduct thorough reviews of the Falcon sensor code and quality control processes, aimed at bolstering security and resilience.

Revised Content Release Process:

CrowdStrike revised its content release process to align more closely with its sensor release regimen, incorporating stages such as sample testing, internal lab and canary systems testing, early access soaking, and a staggered deployment in adherence with customer policy settings.

Product innovations

Falcon Cloud Security:

Described as the industry’s only integrated Cloud Security Posture Management (CSPM), Application Security Posture Management (ASPM), Data Security Posture Management (DSPM), Cloud Infrastructure Entitlement Management (CIEM), Cloud Workload Protection (CWP) both agent and agentless solution.

Reported over $515 million in Annual Recurring Revenue (ARR), growing faster than 80% year-over-year.

Falcon Identity Protection:

Continues to set the industry standard in the identity threat detection and response space, with ending ARR surpassing $350 million and growth over 70% year-over-year.

Positioned as a key differentiator in CrowdStrike’s Extended Detection and Response (XDR) value proposition, helping to pioneer this category.

LogScale Next-gen SIEM:

This module has exceeded $220 million in ARR, showing a growth of more than 140% year-over-year.

The momentum reflects CrowdStrike’s capability to displace legacy SIEMs, addressing market demand for AI-powered Security Operations Center (SOC) operations.

Strategic Product Displacement:

The expansion of the Falcon platform to include LogScale and identity protection modules has enabled CrowdStrike to displace other technologies, simplifying cybersecurity operations for customers and reducing total cost of ownership.

Market Expansion:

CrowdStrike continues to focus on expanding its presence in the cybersecurity market through innovative products like Falcon Cloud Security, Falcon Identity Protection, and LogScale Next-gen SIEM, which have collectively surpassed $1 billion in ARR and are showing significant growth.

The company highlighted its strategic approach to leveraging cloud marketplaces, noting a deepened relationship with Google, making CrowdStrike the fastest-growing cybersecurity vendor on the Google Cloud marketplace.

Customer Engagement

Post-Incident Trust: Post the July 19 incident, the company emphasized that the majority of deals delayed due to the incident remained in the pipeline, indicating ongoing customer trust and engagement.

Significant Wins: Two major post-incident customer wins were noted.

A large enterprise software firm selected Falcon Cloud Security in an eight-figure deal, standardizing on CrowdStrike for superior protection and ease of management.

A nine-figure purchase by a large enterprise across a million hosts for their production environment, choosing Falcon Cloud Security for its leading protection and visibility.

SIEM Market Penetration: An eight-figure deal where LogScale Next-gen SIEM replaced two legacy SIEMs, demonstrating CrowdStrike’s ability to displace older technologies and streamline operations for clients.

Customer Commitment Packages:

In response to the incident and to enhance customer retention, CrowdStrike introduced customer commitment packages, allowing greater flexibility and economic value through features like discounts, extended subscription terms, and flexible payment terms. These packages are designed to deepen customer engagement and foster long-term loyalty.

Future Outlook:

Despite the challenges posed by the July 19 incident, CrowdStrike’s management remains confident about the resilience of its business model. The company reaffirmed its commitment to achieving $10 billion in ARR by the end of fiscal year 2031.

CrowdStrike plans to continue investing in growth and innovation while enhancing its product resiliency. This includes bolstering the Falcon platform with AI-driven capabilities and expanding its module offerings to cover a broader range of cybersecurity needs.

Management comments on the earnings call.

Falcon Cloud Security

George Kurtz, President, CEO & Co-Founder:

"Falcon Cloud Security, the industry's only integrated CSPM, ASPM, DSPM, CIEM, CWP agent, and agentless solution, now boasts more than $515 million in ARR and grew faster than 80% year-over-year."

Incident Impact

George Kurtz, President, CEO & Co-Founder:

"Despite a lot of the false narratives and misinformation from our competitors, I want to be clear that this was not a kernel update, it was a configuration update... We have best-in-class architecture and we lead the industry for a reason."

Customers

George Kurtz, President, CEO & Co-Founder:

"In the 100s of customer interactions I've had since the July 19 incident, organizations of all sizes thematically shared three messages with me: Necessity to understand the incident, acknowledgment of our track record, and steadfast support for CrowdStrike continuing to be cybersecurity's innovation leader."

Future Outlook

George Kurtz, President, CEO & Co-Founder:

"Our unchanged vision and mission propels us to become an even better, even more resilient, and even more customer-obsessed CrowdStrike... We continue to invest in growth and innovation as well as safeguards to build cybersecurity's most resilient AI-powered platform."

Thoughts on CrowdStrike ER $CRWD :

🟢 Pros:

+ Revenue rose by +31.8% YoY.

+ ARR grew by +32% and RPO by +36%, both outpacing revenue growth.

+ Strong Net New ARR added (+217M, +11% YoY).

+ Customers are using more modules (6+, and 7+ modules +1pp QoQ).

+ Usage of 8+ modules + 66% YoY.

+ Company increasing margins and profitability.

+ Beat Q2 revenue guidance by 0.3%, despite the recent incident.

+ Management emphasized that deals delayed due to the incident are not canceled but postponed to the next quarter and remain under consideration.

🟡 Neutral:

+- SBC/rev at 20.8%. Diluted shares up 3.8% YoY.

+- FY revenue growth forecast adjusted to 27.5%, a reduction of 2.7%, with the incident estimated to impact net new ARR by $60 million.

+- Total calculated billings growing +18,3% YoY slower than revenue.

+- Company doesn’t provide DNBR numbers (“our dollar based gross and net retention rates were consistent with our expectations” - supposedly at 120%).