Investing.com - Financial Markets Worldwide

CrowdStrike at Fal.Con 2025: Securing the AI Era

Published 18/09/2025, 00:02
© Reuters
CRWD
0.50%

On Wednesday, 17 September 2025, CrowdStrike Holdings Inc (NASDAQ:CRWD) convened at Fal.Con 2025 to discuss its strategic focus on securing the AI revolution. The conference highlighted both the opportunities and challenges presented by the AI-driven threat landscape. While emphasizing its innovative cybersecurity solutions and robust financial projections, CrowdStrike also acknowledged the need for continuous adaptation to the evolving digital environment.

Key Takeaways

  • CrowdStrike aims for $20 billion in Annual Recurring Revenue (ARR) by fiscal year 2036.
  • The Falcon Flex licensing model is highlighted as a pivotal innovation, offering flexibility and scalability.
  • Strategic acquisitions, including Pangea, enhance CrowdStrike’s AI Detection and Response capabilities.
  • Financial targets for FY27 include 20%+ net new ARR growth and a 24%+ non-GAAP operating margin.
  • New partnership program is projected to impact total revenue by 0.8% for FY27 and beyond.

Financial Results

  • Record Q2 net new ARR of $221 million, with expectations of at least 40% growth in the latter half of the year.
  • Achieved record non-GAAP operating profit of $255 million and cash flow of $284 million in Q2.
  • The Falcon Flex model has led to a significant uplift in customer contracts, contributing over $1 billion in ending ARR.
  • FY27 projections include 20%+ net new ARR growth, 24%+ non-GAAP operating margin, and 30%+ free cash flow margin.

Operational Updates

  • Announced 22 new innovations, with 31 modules currently available, soon to be 32 with Pangea.
  • Acquisitions of Onum and Pangea aim to enhance Next-Gen SIEM and cloud security.
  • Introduced new features such as risk-based patching and an insider threat dashboard in Falcon Data Protection.

Future Outlook

  • CrowdStrike targets a non-GAAP subscription gross margin of 82-85% by FY29.
  • The company sees significant growth potential with less than 40% logo penetration in the Global 2000s.
  • International Total Addressable Market (TAM) opportunity is estimated at $139 billion.

Q&A Highlights

  • The rise of agentic AI is seen as cybersecurity’s largest opportunity to date.
  • CrowdStrike’s products, including Onum and Falcon Shield, are expected to drive customer growth and expansion.

In conclusion, CrowdStrike’s presentation at Fal.Con 2025 underscored its commitment to leading the cybersecurity industry through innovation and strategic growth. For a more detailed account, readers are encouraged to refer to the full transcript below.

Full transcript - Fal.Con 2025:

Burt Podbere, Chief Financial Officer, CrowdStrike: During today’s presentations, we will be making forward-looking statements. These statements reflect our views and expectations only as of today, and we undertake no obligation to update these forward-looking statements as a result of new information or future events. While we believe these forward-looking statements are reasonable, outcomes are subject to risks and uncertainties, so actual results could differ materially. Please see the Risk Factors section of our latest Form 10-Q for further information about risks and uncertainties. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed in this presentation will be non-GAAP. Please refer to our disclosures on why we use non-GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures in the Presentations section of our Investor Relations website. Please welcome Chief Financial Officer Burt Podbere.

Daniel Bernard, Chief Business Officer, CrowdStrike: All right. Welcome, everybody, to our biggest Falcon event ever. Really excited that all of you were able to make it, and on behalf of the whole team, welcome. Hopefully, you’ve had a chance to hear Mike and George and their keynotes. There was a lot of information with respect to those keynotes. I found them informative. Hopefully you did as well. Hopefully you’ve had a chance to speak to our partners and our customers, just like I did, just like we did, hanging out with our customers and partners, listening to our customers and partners. It’s been such a great experience so far. Hopefully, all of you are finding the same thing. Once again, welcome on behalf of the whole team. We’ve got a great agenda for you today. We’ve got, you know, George is going to lead it off. He’s going to talk about entering the agentic era.

We’ve got a customer fireside chat with DB. We’ve got Mike Sentonas coming up and talking about cybersecurity’s platform for the AI era. We’ve got another customer fireside chat. We’ve got a partner fireside chat. I’ll give you a financial update. We’ll have Q&A. Really a lot of activity while I have you here and we have you kind of being interactive with us during the Q&A session. I hope that you all find this informative. I hope you all find this giving you insights into how we think about the business. Without further ado, I’d love to present our Co-Founder and our CEO, George Kurtz.

Rob Duhart, CISO, Oracle Cloud Infrastructure: How are you doing?

Daniel Bernard, Chief Business Officer, CrowdStrike: All right. Welcome, everyone. I have to say Falcon is my favorite event of the year. Not only do we get to talk to our customers, but we get to talk to the investment community and go through why we’re so excited about CrowdStrike and the market opportunity in front of us. Without further ado, I’ll jump into the conversation here. I know everyone would be really disappointed if I didn’t start out with AI, right? It’s all here. Obviously, there’s lots of buzzwords that are out there, but I really want to dive into what it means for security and what it means for our opportunity. Mike, if you saw the keynote earlier, talked about speed, right? It was days and days and days of attacks. It became weeks. It became hours, minutes, seconds. At the end of the day, speed is the constant element.

Let’s just kind of go through some of these transformations that we’ve had over the years. Some of you, like myself, who are probably old enough to remember this stuff, right? 1980s to 2010. It took 30 years for the computer transformation, the cloud transformation in 2010 to when I started the company to present, really 15 years. AI transformation, I think it was a really interesting stat. 100 million users OpenAI in just a couple of months after it was actually released. When we think about where the whole industry came from, right? It was megabytes to terabytes. It was terabytes to zettabytes. I have a new one for you. I think zettabytes to ronabytes. If you’ve heard of ronabytes, let me know. I had to look that one up myself, but it’s a million times bigger than the one before it.

Lots of scale that’s going on and AI really is transforming the world. We’ve seen all these mega deals happen. We see what’s going on with compute and obviously with GPUs. One of the interesting conversations I had with some of the folks was really around sort of the lack of power that’s going to make all this work. All the chips in the world, all the security in the world, we still need the power to make all this actually work. For me, it really is about this transformation in data, a transformation in certainly opportunity for the adversaries to innovate as the earliest adopters. Some of the things that we’ve seen are incredible. Mike went through a few of the attacks.

One of them that I found really, really interesting just a couple of weeks ago that Adam’s teams found was one where there was a piece of malware. It landed on a system, and then it basically went back and did prompt after prompt after prompt to one of the GPTs, and it asked it, "OK, what type of system am I on? What are the vulnerabilities? Where’s the data?" Write some PowerShell scripts to actually get the data and pull it together. Each system it landed on was a unique attack vector simply using prompts. It is just incredible how fast they’re working. If we think about cybersecurity’s first chapter, it was 30 years ago, and we’ll go through a couple of examples here. 2010 moves to the cloud, and obviously we’re in the AI era.

I remember these, I guess, like I said, unfortunately, fortunately enough, I remember all this stuff. Worms, I Love You virus, DDoS, Stuxnet, that all happened. It was weeks to days. Ransomware as a service. I thought one of the things that Mike talked about was really interesting in how ransomware moved from sort of as a service to now your AI models will actually optimize the revenue that you’re getting, that the bad guys are getting from each victim, which was really innovative but scary at the same time. Now we’re talking about really seconds, deep fakes. I had one bank call me just last week, and they said, "Hey, you know, our CEO is showing up in all these deep fakes." It was a financial institution and was on crypto and all these sort of like fraudulent type things. How do we deal with all this?

We’re just at the tip of the iceberg in terms of what’s happening in AI. Obviously, it went from hours to seconds. As I said, things are moving very, very quickly. We’ve got to be there to be able to deal with these sort of challenges. What does tomorrow’s cybersecurity look like? What are we working on and delivering today for tomorrow? First, proactive. You’ve got to understand where the threats are. You’ve got to take an intelligence-led approach. You have to understand how the adversaries operate, and you have to meet them at the same speed. You also need to be surgical, right? Surgical in the fact that you have to be precise, right? It isn’t sort of blunt objects.

When businesses are running, they’re operating at a different speed as well, and you have to be able to meet them and deal with threats in real time and keep their business running. That’s a big part of it. This stuff can’t wait. It can’t wait days and weeks. You have to be there real time. A lot of the attacks that we’re dealing with, it’s not traditional malware. It’s not like you just find it and block it. These are very complex attack structures. We call them indicators of attack. They’re attack chains. We have to be able to put it all together in real time, both on the endpoints, in the cloud workloads, and in our own cloud to figure out if something bad is happening. We think this is best delivered in a single platform, right?

That’s native end-to-end versus a multi-platform, which is stitched and disjointed and put together. Mike used the line, I loved it, was digital taxidermy, right? These are not platforms that are stitched together. They look alive, but they’re really Frankenstein underneath, right? This is built natively from the ground up. Single console, single source of truth with a single data element, and then hyper-scalable. Adam went through just some incredible stats on the amount of data that we process, how fast we do it all over the world. As I’ve said many, many times, data is really the key to solving the security use cases that are out there. Let’s talk about securing the AI stack. I just want to walk you through our thinking around AI and the complexities around it and how we have to secure it in today’s environment.

The first layer I’ll go through is the core infrastructure, the cloud, the data center storage, GPUs. Then we’ll move to the software layer where there’s orchestration, delivering outcomes. Then we’ll move to the identity layer, human identities, agentic machine identities, etc. Two years ago, I started, hopefully, some of you were here. I know many of you were. We talked about securing the cloud. We use this analogy of, you know, it’s not about securing a room. It’s about securing the things inside of it. It made really probably a more complex problem a little bit simpler, but it showed our approach. Rather than securing the room, now it’s about securing the entire building, right? In the AI world, you have to secure the entire building. Starting from layer one, layer two, and layer three, let’s go through this journey of how we look at it.

At the core infrastructure layer, CrowdStrike has some unique advantages. Number one, we are the best in runtime protection. I think over the last number of years, when we think about securing the cloud, the data centers, the core infrastructure, you have to have runtime protection. You have to be able to protect not only the infrastructure, but also things at the chip layer, right? We work with NVIDIA. We work with Intel. We work with others to help make sure that we can leverage their technologies to secure the core infrastructure and take advantage of the capabilities there. When we look at the cloud itself and some of the things that we’ve done, it goes beyond runtime protection, right? The things that we’ve helped pioneer around cloud workload protection, extending into cloud detection response, cloud security posture management, DSPM, CIEM.

You can read all the isms that are up there. These are unique capabilities that we’ve put together. There are a lot of companies out there that have one or two of these things. We have all of them. That’s what customers are looking for. This is one of the reasons why we’ve been so successful in our cloud business in being able to consolidate many of these different point products that are out there. One of the things that I’m really excited about is AIDR. OK, this is a term that we need to know here, AIDR. We pretty much invented EDR, and now we’re talking about AIDR. Let’s think about this.

If we have a system and a human on it, and we have to monitor that system and put guardrails around it, don’t we think we’re going to have to do that with all the new AI agents? There’s not a financial institution in the world, on the planet, that’s going to release these technologies into production without some level of compliance, some level of visibility and control. AIDR is just one extension of what we’re doing in EDR, applying it to AI agents. We’re excited because we announced the Pangea acquisition. We looked around at a lot of technologies and companies that are out there. We liked Pangea for a couple of reasons. What do we normally buy? I should, you know, do some multiple choice quizzes. I know many of you know we buy teams and tech. That’s typically where we spend a lot of our time.

Doesn’t mean that we won’t do something, you know, bigger than that. At the end of the day, there’s a certain sweet spot that we’ve operated in. I think this one highlights sort of the discipline around this. Oliver Friedrichs is the CEO. I’ve known him for the better part of 30 years. I think it’s his fifth company. He’s an incredible entrepreneur. He’s going to be coming on, you know, one of the key pieces of our leadership team. From my perspective, they’ve got amazing technology. There are lots of companies that say they do this in terms of prompt injection and data leakage and governance and guardrailing these sort of techniques. The thing I like about Pangea is that it not only protects the users that are interacting with these models and AI, it also has a whole suite of technologies designed for the developer, which is key.

You want to protect the upstream piece in the development of these AI models. You will hear more about that a little bit later. We will move to the software layer, right? You have got ASPM, EDR, our enterprise graph that Mike talked about, data security, right? This is our beachfront real estate. This is really where we’ve operated for a long time. With some of these newer capabilities, particularly in the cloud, it has been an incredible journey for our customers to see time and time again how we’ve continued to innovate, how we’ve continued to help them consolidate on one platform and solve their security software layer challenge. The unification of all of this comes with our new UI. Mike talked a little bit about it. We’ve been working on this for the better part of two years.

It really pulls all of this data together, and it unifies the agentic security experience. It really gives the power to our customers. The customers are going to move from point-and-click UIs into a more interactive discussion with our technology, more prompting. Building dashboards are no longer just drag and drop. You just kind of tell the technology what you want, and it does it for you. Part of what I want to reinforce here is not only are we driving innovation into our customer base, but we’re also working with them. We’re listening to them, and we’re creating an experience that is built for the agentic era. It moves from point-and-click into more of a discussion and more prompting. Let’s talk about the last layer, which is identity, which has gotten a lot of play over the last couple of months.

The evolution of identity has moved from one human to one identity, right? One human, one identity. When we think about the agentic era, it’s one human to multiple identities. In this particular case, there is one study here. You can see it at the bottom that organizations are looking at potentially 90 AI agents per human. That’s a lot. I think there is a lot of opportunity, obviously, for the bad guys to abuse this identity. There is also a lot of opportunity for folks like CrowdStrike to be able to protect these identities. At the end of the day, an agent is nothing more than a superhuman, right? It basically has access to data, access to compute, access to workflow. It has an identity. In my keynote yesterday, I talked about customers actually giving employee IDs to AI agents. They need to keep track of them.

They are looking at them as part of the digital workforce. It’s happening now, and you can see the increase. 52% of organizations expect a 20% increase in non-human identities in the next year. It’s happening now. Customers are looking for solutions, and they are looking at CrowdStrike to solve those. What is the AI agent transformation risk? Where are we today? As I said, they have access to data, apps, infrastructure, but it’s also human-bound. What do I mean by that? We put all this training data together. We train on massive data sets. You’ve seen how many GPUs and data centers and power it takes. It’s actually human-bound, right? It’s human-bound because it’s human data that created it, and it’s bound by the human IQ.

What we’re moving towards is more machine speed with agents talking to agents and this unlimited potential to go beyond just the human intelligence. This is really where it gets exciting. In the simple version that you might be looking at, it’s like you have an agent that talks to some data. You get a result. It’s going to be way more complex than that. It’s going to be an agent talking to another agent that talks to data that talks to an MCP server that ultimately brings back data and creates a workflow. All of this rich technology is going to require security to go along with it. Today, human-bound complexity. Tomorrow, limitless unbound complexity. We need to be there for our customers, and we need to be part of this journey.

Securing AI’s identity layer, SaaS misuse, AI misuse, permissions, malicious insiders, credentials, these are all things that we prevent against. Mike’s going to talk a little bit about identity and what we’ve done there with our next-gen identity technology. We were in this game since 2020. If you remember, we did an acquisition of Preempt, which was, I think, really forward-leaning, which built a massive business just in the ITDR space. We’ve extended that into PAM. We’ve extended that into just-in-time access for our customers. That really is the future of identity. We are in the right place. We have been doing this for a long time, and we continue to expand out the capability. For us, with a more modern technology, we are the protector of AI agents.

The technology we built in-house, and now with Pangea, this is modern technology, not legacy technology that was built for a different period of time. We are in the right place at the right time with the right technology. This agentic revolution represents, in my mind, a greater than 100x opportunity for CrowdStrike. We had the first era. Why did I go through all this, you know, sort of walk down history lane? When I started the company, we were protecting computers and PCs. Then we moved to the cloud, and I stood on a stage like this and said we have a 10x opportunity as cloud workloads move from on-prem into the cloud. Now I am standing here, and I am telling you, in my mind, my heart of hearts, I believe it is a 100x opportunity going forward.

You think about what we did for security on endpoints in the cloud, protecting these identities, these workloads. AI agents are going to be everywhere. You are going to have a 10,000-person company that has a million AI agents. Guess what? They are all going to need protection. They are all going to have identities. They are all going to have access to data. They are going to need AIDR for all those agents. You are not going to deploy an agent without an AIDR. Today, I wish everyone was a customer here, and not everyone is a customer. We can help at the end. We have got POs in triplicate. Just press hard. I know everyone is not a customer, but think about this. There is probably no one in this room that does not have an EDR running, right? I started the company in 2011.

There was no EDR. It did not even have a name. I am telling you, there is going to be an AIDR plus other protection for every AI agent. It is going to be needed, and compliance is going to be one of the big drivers. CrowdStrike is really leading the AI revolution, and the arms race is right now. I talked about getting to security AGI, right? The whole industry is focused, the whole sort of technology industry is focused on AGI. I think there is an opportunity to get to security AGI. I laid out our view of building the first security AGI, where you have got a human analyst, right, in level one. This maps to my driving analogy, right, into autonomous vehicles, where a level one analyst has some assistance. A level two has some partial automation, your cruise control. You’ve got level three conditional autonomy.

You’ve got high autonomy level four. At some point, you know, the guy is in the back of the car reading a book, and the car has no pedals and just drives itself. This is where we’re going in the SOC, and it isn’t about humans going all out the door. It’s about humans going up, not out. Mike said it best. Just like every time in the Industrial Revolution, people thought, geez, I’m going to be out of a job, or I’m going to be doing something else. There’s another explosion of opportunity and productivity that takes place, and this is what we see in security. Yes, there will be efficiencies. Yes, there will be gains, but we’ll allow people to do what they do best, and we’ll allow the agents to do what they do best. This, in my mind, is something that customers demanded.

I went through this yesterday. I talked to a bunch of customers. We had a customer dinner last night, some of our biggest and best. They were like, this is what we’ve been waiting for. They have to literally throw out their SOC and reimagine it. It’s like burning the bridges, right? At some point, you just have to go like, hey, we’re going there, and we’re not going to be using this old antiquated technology and views around it. That’s a little bit about AI automation. If you can have an autonomous taxi driver, you can have an autonomous security analyst. CrowdStrike is really focused on being in the forefront of delivering that to our customers. Why do we think we’re going to win this? I get back to my data comments. Data, data, data. This is the foundation for solving security.

It also happens to be the foundation for AI. It’s the fuel that makes AI run. I like to say we’re the Reddit of cybersecurity. Now, it’s a big statement, but you kind of get where I’m going with it. Why are we the Reddit of cybersecurity? Why do we think we have the best training data? Guess what? The telemetry that we get is extraordinary. The pure amount that Mike talked about, the trillions of events, the amount of detections and attack patterns that we see across the globe, we’ve been doing this for the better part of 14 years. Our Falcon Complete Next-Gen MDR, you know, sometimes it’s better to be lucky than good. We just happened over the last 10 years to be able to label all of this data.

Every time our MDR service sees these interactions, when they take action, and when we look at these attack patterns, we annotate those. We label those. Guess what? That’s human labeling, human training that’s already done. We did it for 10 years. That went into the model, and we continue to do that. Our threat intelligence, we led the industry in threat intelligence. We did it differently. We took an adversary-centric approach. We’ve been doing this for a long time. We’ve got just a massive amount of security threat intelligence data that goes into the models. Guess what? We’ve got this professional services business. You guys see it. You monitor it. We always talk about how strategic it is, and it is. We’re at the tip of the spear of actually seeing what happens in all these breaches, right? We’re there recovering. We’re seeing the techniques.

We’re taking that data, and we’re putting that back in the model. This is the data that’s necessary to create the best outcomes and to get to a level five autonomy. Trillions of events, non-human identities, it’s all there. Our telemetry, our threat intelligence, our MDR, 15 million label annotations in the last 12 months. 15 million. That’s a lot. You know what that means? That is a barrier to entry for others. It creates a data moat for CrowdStrike and professional services. More than 800 incident response engagements in the last 12 months. OK. This is the tip of the spear. This is why it’s so strategic. We’ve been able to capture all that data over the many years. We’ve been able to organize it in our graph. We’ve been able to use it to train our models. Data is our unassailable moat. I’ve said it for many years.

I’ll keep saying it. It is absolutely something that we’re focused on. AI leadership drives our future. Mike’s going to talk about the here and the now and go through the technologies and some of the releases. I really wanted to talk about where we’re going, where we’re taking the company and the opportunity in front of us. Get to a few numbers. I get to do the nice PowerPoint presentation. I know everyone wants to hear from Uncle Burt over there. He’s going to go through the real numbers. What do I want to reinforce? Reacceleration has arrived. 40% year-over-year net new ARR growth in the back half of the year. FY2027, I know it’s a hot topic. Everyone wants to hear about it. I can’t spoil Burt’s thunder, right? I’m going to let him go through that.

I do want to set up why we’ve been successful, why we think we’re going to win in this market, and again, give you some numbers to go through, which you’ve already seen. Cloud security, greater than $700 million. One of the largest cloud security businesses in the world. You can see our growth rates. Next-Gen identity, $435 million, 21%+ growth rates. Next-Gen SIEM, I mean, 95% growth rates. That’s incredible. $430 million. Replacement after replacement after replacement of legacy technology. Now customers are flocking to me. Literally, they’re stopping me as I walk by. They say hello, and they go, we’re so excited on the Onum acquisition. We’ve been waiting for this. We’re looking for this technology combined with your Next-Gen SIEM. I was on the phone with that huge bank last week. They’re like, yep, we’re ditching our old SIEM, and we’re going all Onum and Next-Gen SIEM.

Huge company, right? This is what we’re focused on. This is why we’re delivering in these areas. We called this out in the last earnings call, $1.6 billion in ending ARR to Q2 26, grew greater than 40%. Huge opportunity in these emerging businesses. Guess what? They’re all set up as well by the data from the sensor, right? The protection, the EDR, to send this data up into our cloud and then obviously collect once, reuse many as our model. It’s been a great way for us to build these modules at a high margin business. Here’s our TAM, $140 billion. You can see all the different categories that are there. Where is this going? $300 billion by CY30. We will build that out, and we’ll show you how we get there, obviously, as we go through the journey with this group. Key markets and tailwinds.

Why are we winning? Why are we such a key part of our customer success and one of the best controls that they have in their environment? They tell us, they say, CrowdStrike is the number one security technology in our company, and it’s the number one security control. It’s what we report to the board. It’s because we’re able to consolidate. You’ll hear that later today when we get the customers up. It’s because the threat landscape continues to get worse and worse. When you think about these AI threats and really no skills needed, like you can take a kid in high school. Used to be the kid who would, you know, break into a, you know, bulletin board system. No longer, you’re taking a kid who can, you know, has the power of an army behind them with AI. That’s what customers have to deal with.

It’s our technology leadership. Since I started the company, it was always about innovation. We’ve led the industry in so many different innovations. We’ve created categories before categories were even there. We will continue to do that and deliver for our customers. Part of that is going to be leading the security AI transformation and revolution. It’s going to happen. In terms of AI, I think it’s going to be like, you know, the hype of AI, the trough of disillusionment, and then people are going to figure out how to operationalize it and really get the benefits, like any technology. It’s going to be there, and you’re going to need security to help transform it. The other big item, we’ll give you some new numbers. We’ve talked about $10 billion. We’re nearly halfway there as a goal. We’re setting another goal of $20 billion. You can see FY2036.

Burt will take you through it. You can see the CAGR. This is what we’re focused on, the big prizes that are out there, the big pools of dollars. If we believe, and I firmly believe, that AI is the future and the growth in AI, it’s all going to need security. There are going to be things that we haven’t even conceived right now from an AI perspective and a security perspective that we will be building and delivering on our journey. I’ll leave Burt to talk a little bit more about that. I wanted to also spend some time on Falcon Flex. Falcon Flex is something that, you know, we developed, again, pioneering a licensed model. It’s not a consumption model. It’s a commitment model. It is very flexible.

In fact, it’s been so good that we’ve seen others copy it to the point where they can’t even change the name Flex. They just throw something in front of it and call it Flex. You know where it came from. Not only innovating in technology, but innovating in licensing and really working with our customers. We came up with it, but it was, I mean, hundreds and hundreds of hours with our customers going through it. I was personally involved. What do they want? How do they want it? How do they want to consume it? I sort of make the joke the only people that like procurement cycles are the people in procurement. The customers, they want to commit. They want to get through getting the contracts in place, and then they want to consolidate.

As we’ve seen, 1,000 plus Flex customers, 75% utilized in terms of the contracts out there. Average modules per customer, greater than nine. Reflexes, over 100. Average reflex time, five months in this cohort. Average ARR, over $1 million, right? We’re only at really, you know, the tip of the iceberg here. Let me give you a couple of examples. This was a Fortune 500 technology conglomerate. Before Flex, they had a three-year deal of $14 million. You can see the ARR, seven modules. Flex, we took a $14 million TCV customer and turned it into a $103 million TCV customer with Flex. That’s the power. $5 million ARR to $24 million. We reflexed them to $246 million over four years, TCV. $57 million a year. That’s incredible. Yes, the licensing is there, but you have to have the right technology as well. I mean, look at that.

When we talk about consolidation, when we talk about the power of the platform, you know, PowerPoint is nice. Anybody can make a nice PowerPoint. The proof is in the numbers. You can see the numbers right in front of you. All right, next up. Fortune 500 SaaS leader. Before, TCV, over three years, $77 million. Flex, $120 million over three years. We took it from $26 million to $43 million ARR. We reflexed them, $180 million in three years, $60 million ARR. These are big numbers. Again, these are strategic customers that have embraced CrowdStrike, that tell us we’re all in on CrowdStrike. What more can you consolidate? Every time I see these customers, they say, what else, you know, what else can we take out? We’re there to help them in that journey.

When we look at the agentic era, and we think about just the opportunity, billion cloud workloads, 2 billion human identities, endpoint, 2 billion devices, again, sort of the opportunity sets that we participate in, we think the agentic era is going to be an order of magnitude larger than that. AI agents, $150 billion. If we’re protecting the cloud workloads, and we’re protecting identities, and we’re protecting devices in sort of, you know, the current era that we just came out of over the last 10 years, what is the opportunity in front of us as we protect all of those AI agents? It’s, as I said earlier, AIDR, all the guardrailing, all the protection from model, from development, all the way to implementation, all going to need security. I want to finish up with, again, what we’ve done, what we’re focused on.

The here and now, obviously, we’ve got a huge business in many, many areas. Mike and Burt are going to go through that. The opportunity in front of us as the protector of AI agents and the ability to deliver outcomes to our customers, to stop breaches, I think is the best that I’ve seen in my career. I mean, I’ve been through a lot of these different trends, a lot of these different trends, if you will. You know, when I started in security, I started before there were commercial firewalls, all right? I’ve seen all of these different trends, and I’ve seen security, you know, big companies come and be created. You go to RSA, they got 6,000 companies out there.

There aren’t many companies that can provide a holistic approach and a platform, leveraging data, leveraging AI, delivering outcomes that customers want, and helping them drive down the cost and reduce their complexity and get the outcome they deserve, which is stopping the breach. I will get wrapped up, and I want to thank everyone. I’ll be back up for Q&A, and we’ll talk soon. We’ll hear from Mike and Burt. Thank you.

Burt Podbere, Chief Financial Officer, CrowdStrike: Please welcome Daniel Bernard, Chief Business Officer, and Rob Duhart, CISO, Oracle Cloud Infrastructure.

Daniel Bernard, Chief Business Officer, CrowdStrike: Good morning here, everybody. Thank you for making time to be here. One of my favorite parts of Falcon is all the engagements we have with customers and partners. You don’t have to go very far to find so many where you can hear the very themes that George discussed echoed in the direct feedback for them. Let’s save you a step and bring a great customer right here to the stage. Rob, it’s a pleasure to have you with us. Thanks for being here.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Thank you for having us. It’s a pleasure to be here.

Daniel Bernard, Chief Business Officer, CrowdStrike: We’re going to talk, got a number of questions, and get your feedback on different elements of your CrowdStrike experience. I wanted to start, where did it begin? You were using other technologies before. Where did the CrowdStrike journey for you and Oracle begin?

Rob Duhart, CISO, Oracle Cloud Infrastructure: It’s a fantastic question. When I came to Oracle, as you said, we had a pretty diverse grouping of moderately effective security capabilities, right? One of my first conversations with our CEO was, you know, we need to stop thinking about the number of capabilities and start thinking about the efficacy and the value those capabilities were bringing. We had already deployed CrowdStrike to our endpoints, laptops, things like that. I pretty quickly said, we need to get to a best-in-class deployment. Our CEO asked, you know, what is best-in-class? I said, that’s CrowdStrike Falcon, right? I think in like a weekend, he went out and cut the deal to start bringing you guys indoors. The truth is, we built this relationship out of necessity.

When it comes to functions, services, capabilities that we can trust, there is no other option for us in the context of pretty much everything George was talking about than CrowdStrike. You guys are our partner not only for IR and for cloud security, but also now for SIEM and also for endpoint detection and identity protection. The relationship is growing because the tool works, and it serves as one of our foundational controls when I’m reporting to the board. I was just with a bunch of health care customers this week, last week. When they hear that we’re a Falcon Complete customer, when they hear that we were deploying hundreds of thousands of Falcon nodes and sensors across our environment, the look of assurance on their face is worth the decision.

Daniel Bernard, Chief Business Officer, CrowdStrike: It’s great to hear. Our relationship started about, you know, a year and a half, roughly two years ago. You guys had a busy season a couple of months ago. The company’s doing so well right now. Congratulations.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Thank you.

Daniel Bernard, Chief Business Officer, CrowdStrike: Talk a little bit about that, if you will, because I’m sure a lot of folks in the audience are kind of curious about that.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Yeah, look, I’m sure you all followed the news, right? I’m not the first person in the world that mentioned Oracle and security in the same sentence in the past 12 months. It’s been a challenging year. I vividly remember, it was actually my birthday, DB. I was underneath a stadium in Tennessee, Knoxville, Tennessee.

Daniel Bernard, Chief Business Officer, CrowdStrike: Always the worst.

Rob Duhart, CISO, Oracle Cloud Infrastructure: On the phone with your team, bringing in an IR and building a relationship from an IR position, actually overtaking a previous vendor, Palo Alto, because I needed an organization I could trust to drive our IR. That kicked off a rapid acceleration of our growth and our relationship. I think in one of our events this year, we were able to deploy 200,000 sensors in 48 hours or less in a very sensitive environment. Throughout all of the challenges we’ve had this year, one constant has been the role that CrowdStrike plays. I was on the phone with your team under that stadium on my birthday. We executed that deal in an hour or two. Your team was kicking off our engagement before I left the stadium, right? You can’t fake that. That’s reality.

In our business, I say, you know, trust is lost in buckets and gained in drops. CrowdStrike earns every ounce and every bucket of trust that we have in them. In many of our businesses, through our challenging events this year, CrowdStrike is our primary control. When Microsoft had their SharePoint issue this year, MDE was not a control for us. CrowdStrike was. CrowdStrike Falcon protected our SharePoint instances before a patch was even released. This gives you an example of the trust we have in CrowdStrike and the impact and value to our business that Falcon and all of the platforms have.

Daniel Bernard, Chief Business Officer, CrowdStrike: I think it also underscores, just while we’re on the topic, the importance of really a holistic platform in deploying end to end. I think there were some clear learnings where we were and where we weren’t and how that all came to bear.

Rob Duhart, CISO, Oracle Cloud Infrastructure: 100%, right? In one of our events, not to go too deep into confidential information, we had CrowdStrike Falcon deployed across thousands of servers, and we missed six. One of those six resulted in what was in the news, right? When I’m talking to the board, which I now do regularly as the Chief Security Officer for Oracle, we’re regularly saying, where is CrowdStrike deployed? How confident are we that we’ve deployed it where it needs to be? It’s not, do you deploy, or is it the right thing to deploy? It’s more of an oxygen conversation, not a, you know, sparkling water conversation, right? In many places in the business, CrowdStrike serves as not only a primary control, but an essential partner to growing our business. It’s not just on the EDR front, right? Next-Gen SIEM, we’re now a customer there. We’ll talk about that.

We’re also a Falcon Identity Protection customer for Active Directory, which was a huge part of our health care journey this year.

Daniel Bernard, Chief Business Officer, CrowdStrike: The relationship grew, and you guys started using the Falcon Flex licensing model. Can we get some color on Falcon Flex, what that experience entailed, and the bigger commitment you made with us?

Rob Duhart, CISO, Oracle Cloud Infrastructure: We’re a Falcon Flex success story, right? Similar to what you all may have seen on those slides, right? I can attest to that personally. We are consuming more, right? Falcon is, the CrowdStrike products are working, right? I’m able to catch bad guys and protect my customers and my enterprise better because of CrowdStrike capabilities. I consume more, and I now am not limited by a contract structure on what I can do. I literally can push my deployment and my expansion on the basis of the need and the evolving threat landscape, not on the basis of a piece of paper and a bunch of legal and financial limitations that rightfully are put in place to protect our orgs. Flex has been a game changer. In fact, I think we had a plan of consuming our Flex consumption over three years, and we consumed it in one year.

That wasn’t because someone was pushing us to do that. It was because we needed to. We re-upped for more, as you know. Flex has been a game changer for us. It allows me to allow the needs of the organization to drive our consumption versus the limitations of a contract.

Daniel Bernard, Chief Business Officer, CrowdStrike: Right. With 13, 14, 15 other products displaced, usually that would have been 13 or 14 different times you had to go back to the well. Procurement, there you go.

Rob Duhart, CISO, Oracle Cloud Infrastructure: The consolidation is yielding incredible benefits, right? The capabilities communicate with each other. In one of our environments, we went from never catching our red teams to catching them every single time and often multiple times in engagement. That in the history of Oracle was relatively new. We owe that to CrowdStrike.

Daniel Bernard, Chief Business Officer, CrowdStrike: Good.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Next-Gen SIEM, Falcon, you name it.

Daniel Bernard, Chief Business Officer, CrowdStrike: Yeah, a change for the better.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Absolutely.

Daniel Bernard, Chief Business Officer, CrowdStrike: Let’s come and talk about some of the technologies that you’ve adopted.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Of course.

Daniel Bernard, Chief Business Officer, CrowdStrike: Let’s talk about Next-Gen SIEM.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Yeah.

Daniel Bernard, Chief Business Officer, CrowdStrike: You know, I remember, if memory serves me correct, you had multiple SIEMs. Oracle, we were talking about, is a little bit of a Noah’s Ark. You got two or three or four of everything. How did you consolidate? Why Next-Gen SIEM?

Rob Duhart, CISO, Oracle Cloud Infrastructure: It’s a great question, right? We want, as a data company, an analytics company, and a cloud infrastructure company, we understand the power and the value of data. We attempted to build our own. Didn’t work very well. We invested in a couple of other capabilities. What we found is that they didn’t offer me the ability to wage the war that I was in this past year, right? I’ve already joked and talked about the challenges we’ve had this year. In many ways, I was at war every day. For lack of a better term, I told my leaders, I need guns that shoot. Next-Gen SIEM, you know, hit the target every single time. It was more of a necessity. It wasn’t even kind of a choice per se. You feed the paint with the hot hand, and Next-Gen SIEM was the hot hand.

Everywhere we put it, everywhere we deployed it, it allowed us to effectively mitigate risk and protect our customers. The displacement was relatively easy. The CrowdStrike team partnered with us on an engineering perspective to also make it easy, both from our own and from other competitors. We’re excited to put our entire platform on Next-Gen SIEM across every line of business so we have that single pane of glass and the ability to collectively secure Oracle using one tool and one capability. Again, this is not a hard discussion or a hard decision point because it works.

Daniel Bernard, Chief Business Officer, CrowdStrike: Imagine that. That’s what we like to hear. The consolidation and having all the data in one place is so critical.

Rob Duhart, CISO, Oracle Cloud Infrastructure: It is.

Daniel Bernard, Chief Business Officer, CrowdStrike: How do you get the intelligence and the management out of it? I think that’s really where the conversation goes to Falcon Complete, the czar of our agentic MDR. What did you see there as you deployed to all these different environments?

Rob Duhart, CISO, Oracle Cloud Infrastructure: The truth is, right, like most technology companies, we think we can do it all on our own. We want to, right? Deep down, I have a 400-person SOC, roughly. I have like five of them, technically. We take a lot of pride in being able to do this work on our own. What we found is that with Falcon Complete, our agent, our analysts, and operators were able to do their jobs better. Instead of them chasing alerts and chasing false positives, we were able to focus their energy on catching nation states, catching North Korean employees, right? Catching all of the more challenging elements of the business versus chasing JIRA tickets. That happened almost overnight when we deployed Falcon Complete. I think another piece of the MDR journey that’s worth mentioning is my customers love that I’m a Falcon Complete customer.

We had a very hard year for Oracle Health this year. When I talk to them and say, this is what happened, this is what we did, and oh, by the way, we’re 99% Falcon deployed across our entire environment, and we’re a Falcon Complete customer, they all breathe a sigh of relief because they’re Falcon Complete customers too. In fact, and this was not a part of what we talked about, there were a couple of times where I was talking to, you know, customers who wanted IOCs. I was able to tell them, hey, I have one better. We’re using Falcon Complete. We’re using Falcon. We’ve already written these detections and signatures into Falcon. They’re already in your EDR implementation. You don’t have to do a thing. I don’t have to give you IOCs.

Because of the way Falcon works, you get the benefit of all the hard work I’ve been doing with CrowdStrike behind the scenes without having to do anything.

Daniel Bernard, Chief Business Officer, CrowdStrike: I think that really speaks to the core architectural advantage of the platform and the very notion that George talked about, you know, collect the data once, use it many times, and the power of the crowd in real time in production when it actually matters the most.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Game changer.

Daniel Bernard, Chief Business Officer, CrowdStrike: Powerful. Now that you have all this data, it’s all centralized in the Falcon platform. How are you thinking about your agentic security journey? You heard what George said earlier. What are you thinking when it comes to how you secure, how your organization uses GenAI tools?

Rob Duhart, CISO, Oracle Cloud Infrastructure: Deeply exciting, right? One of the reasons we chose Next-Gen SIEM, I went on a world tour. I went to Palo Alto and looked at what they had. I looked at, you know, all of the various vendors. It was clear that CrowdStrike’s vision for an agentic SOC, which we all need, was advanced, was moving more quickly, and aligned with our own vision. I told you I have, what, 400 security operations people, five SOCs. That’s not a model that scales. In some places, it’s going to have to be that way because we do classified work, and we have to do that. In other areas, we’re going to be, you know, optimizing these SOCs in a way that they can become what we call lights out. What you’re talking about, what George described, is what we in the business would call a shortcut to being lights out.

Instead of me having to go build a bunch of agents and run these and manage these myself, I can trust on you to do that, partner with you. It allows us to scale in ways that I couldn’t on my own. It also really, really benefits the industry. A lot of the firms that I talked about, the customers I’ve talked about, are smaller. They don’t have 400 security operations people. They get to benefit from this agentic lights-out SOC movement as much as anybody else does. It’s a game changer in the cyber poverty gap world, both from the business and the capability perspective.

Daniel Bernard, Chief Business Officer, CrowdStrike: Really good color on not only the consolidation you’re able to achieve through the different products that we went in and really replaced, but also the new workflows that come through the agentic SOC that we’re building.

Rob Duhart, CISO, Oracle Cloud Infrastructure: The new threats we can catch, right? We’re catching things that we did not know exist. We wish we knew they existed before. Because of the speed, the depth, and the technical sophistication of what you all are building, you’re enabling us to do more with less. In the world that we’re in, that’s more important than not.

Daniel Bernard, Chief Business Officer, CrowdStrike: Yeah, yeah. I mean, what is really clear to me, having been involved closely from the very beginning, is Falcon isn’t just a product inside of Oracle Cloud Infrastructure. We really have become the operating system of security.

Rob Duhart, CISO, Oracle Cloud Infrastructure: No question.

Daniel Bernard, Chief Business Officer, CrowdStrike: When you reflect on this journey we’ve been on, to kind of round it out here.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Please.

Daniel Bernard, Chief Business Officer, CrowdStrike: The fundamental question I have for you and I have for the room and those watching, why CrowdStrike? When you’re asked why CrowdStrike, what’s the answer?

Rob Duhart, CISO, Oracle Cloud Infrastructure: I was asked this question in my second month at Oracle by our CEO. I said, when you make this kind of choice, you should choose the best. If you can afford it, if you can sustain it, why wouldn’t you go with the best? That was a decision I made in June 2024. Fast forward to November 2024. I’m underneath Neyland Stadium in Knoxville, Tennessee, on my birthday. Who did I call? I called CrowdStrike. Who showed up? It was CrowdStrike. When I was working six days a week, managing these challenging events, sometimes up to 18 hours a day, who was there with me? CrowdStrike, right? Now that we’re not in that fund and we’re driving a broader transformation across Oracle, who am I on stage with right now? CrowdStrike, right?

It’s CrowdStrike, a capability that works, a financial model that allows me to scale to the needs of my customers and my evolving business, advanced agentic vision and roadmap to improve our capability and yours, and then consistently delivering over time. I did not tell Clay we should go with CrowdStrike in June because I just read a book about CrowdStrike. I’ve been many places. I’ve seen that consistency over time. All those things matter. I mentioned four. The three things matter, but the most important one is trust. You earn that trust.

Daniel Bernard, Chief Business Officer, CrowdStrike: Yeah, very powerful. I’m super proud of the journey that we’ve been on together. The results of Flex speak for themselves. The technology speaks for itself. The ROI speaks for itself. Most importantly, the outcome speaks for itself as well.

Rob Duhart, CISO, Oracle Cloud Infrastructure: For what it’s worth, I know the room, I make more money because of this, right? At the end of the day, my business is thriving more because I made this decision. I mean, it doesn’t get much easier than that.

Daniel Bernard, Chief Business Officer, CrowdStrike: I can’t add anything on top of that. Rob, thank you. I mean, thank you so much.

Rob Duhart, CISO, Oracle Cloud Infrastructure: I’m not trying to do this. It’s just true.

Daniel Bernard, Chief Business Officer, CrowdStrike: Thank you so much for coming all the way, for your time, for your trust, for your partnership, and for being such a great customer of ours.

Rob Duhart, CISO, Oracle Cloud Infrastructure: More to come.

Daniel Bernard, Chief Business Officer, CrowdStrike: More to come. Thanks a lot.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Thank you.

Burt Podbere, Chief Financial Officer, CrowdStrike: At this time, it’s lunch. Please go to the lobby to pick up your lunch and return here to eat. We will resume in 30 minutes. Thank you. Good.

Daniel Bernard, Chief Business Officer, CrowdStrike: Afternoon, everyone. We’d appreciate it if you resume your seats. We’re going to continue in just one moment. Thank you. We are about to begin again. Please take your seats. Make sure your cell phones are off. Thank you. Good afternoon. Please welcome Mike Sentonas, President.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Alrighty, how are you all? Normally, I get to say I’m between you and lunch, I’m between you and drinks. This one’s even worse, I’m between you and Uncle Bert. I’ll make sure that I keep on track and get through everything that we want to cover. Really appreciate everybody being here. I know a lot of people were in the session that I did this morning. I will cover a couple of similar demos. I will go through a lot of new ones because there are a lot of other things that we are announcing tomorrow. Not everybody will be here, so I want to make sure everybody gets to see them. I really want to build out some simple concepts that George talked about yesterday and in his session earlier today in this room.

Some of the things that I talked about around building a cybersecurity platform for this next era that we are in right now. I think to focus on our next and an incredible chapter in our organization. George talked about it earlier, Bert’s going to go into it in a lot more detail. To show you just how confident we are, we’re putting a new stake in the ground. That is, when we first laid out our path to $10 billion, we were at $2.9 billion in ending ARR. Since then, we’ve grown considerably. We’re talking about this new opportunity that we have ahead of us. A path, a new course to $20 billion in ARR to drive this growth. We’re extremely confident in a number of things, in our rapidly emerging businesses with Next-Gen SIEM, with cloud, with identity.

This next evolution, Falcon for IT, data protection, modules that we’ve talked about this week, building out exposure management, new patch capabilities. What gets us incredibly excited is this opportunity to transform cybersecurity with new outcomes, leveraging AI. Obviously, everyone’s talking a lot about AI at the moment. One of the things that I wanted to really put across in my keynote this morning to the main stage was just the benefit that this technology can give us in a very easy way that is available today. We see ourselves as being best placed, being best positioned to build both AI to help our customers, but to also secure the technology that they’re adopting rapidly themselves, to secure the models that they are onboarding and to deliver security AGI.

Big vision, and it’s going to take us a lot of work to get there, but we are well, we are best positioned to protect the AI future. Looking at our reported platform modules, we’ve seen rapid expansion across cloud, across Next-Gen identity, across Next-Gen SIEM. We’ve talked a lot about the adoption of Flex, the adoption of these modules by customers over the last 12 months. There is no more true than Next-Gen SIEM. We’re now pushing even harder with this acquisition of Onum, which I’m incredibly excited about. George and I worked very closely on this. We worked very closely with the Onum team. I’m just going to say it as it is, I’m not going to mince words. Onum is a game changer. We had the opportunity to test every product in the market.

Everyone that you heard about, everyone that’s been talked about recently, we onboarded, we tested, we looked at it. George said it, I think, perfectly earlier, team and technology. That were the two things that we wanted to bring together. Why is Onum different? It’s not just about reducing the amount of data that you move. It’s about processing and contextualizing data before it hits the scene. This is critical to every organization. When we announced this, we got a flood of inbound questions from customers. They get the concept of moving detection closer to the source. It gives customers the ability to have complete control over their data. It gives customers an easy way to transition their SIEM technology. They can deploy Onum, they can continue to use the product that they have, whatever the legacy technology is, and simultaneously, they can be moving data into Falcon Next-Gen SIEM.

We’re just incredibly excited about what this technology can bring. I just want to show you another demo of this technology. If you’re in the session this morning, if you’re seeing it for the first time, this is incredible. It’s technology that customers of CrowdStrike can get access to right now. Play the demo.

At Falcon, we welcome Onum into the CrowdStrike family, bringing the power of real-time data intelligence to the Falcon platform. An intuitive, high-performance solution that bridges the gap between any data source and Falcon Next-Gen SIEM. With greater speed, efficiency, and real-time intelligence, analysts deliver outcomes that are faster, sharper, and more cost-effective than ever before. Advanced use cases can now be addressed with data in transit. Onum cuts through noise, empowering Falcon to focus on the signals that matter most. Less waste, less delay, more action. It delivers clean, filtered, high-quality data at blazing speed, enabling earlier detection, faster streaming, and less noise, all in real time. When every second matters, simplicity is power. Data intelligence simplifies the complex. Parse your logs, enrich events, and manage pipelines with drag-and-drop ease. Take any log and quickly parse it without having to do a regex or complex expression.

From format to destination, data flows with purpose, ensuring every pipeline is faster and more efficient. With real-time in-pipeline detection, you can accelerate incident response by up to 70%. Smart filtering can cut data storage costs up to 50%, delivering more power with less overhead. Onum was purpose-built for scale, ensuring that as your data grows, every decision becomes sharper, every response faster. Five times faster than its nearest competitor, redefining performance where milliseconds make the difference. Easily transform, mask, hash, or encrypt any field. This speed shifts detection in line, powering the future of AI in security. Onum transforms data into intelligence, fueling Falcon to stop breaches at the speed of AI, transforming raw data into actionable intelligence. We do this for all IT data. The right data, the right time, in the right place.

Together, CrowdStrike and Onum are empowering you to stop the breach and thrive in a real-time world.

Here’s the great news. Every customer that has Falcon Flex licensing has the ability to onboard Onum right now. They could do it this afternoon. Very quick to deploy, very quick to operationalize. I have to say, in terms of M&A transactions, this was super easy. Our core engineering team was part of the due diligence team. We obviously shift an incredible amount of data. They were part of analyzing other vendor solutions. This was just every person on the team saying, we have to have this as part of the organization. Super excited about the technology. We’re doing a lot of cool integrations, but the important point is customers have the ability to start using it right this day, today. A lot of excitement about that.

When we think about our opportunity to disrupt the Next-Gen SIEM market, when you think about what we can do with Onum, getting closer to the data source, removing the friction from moving from whatever the customer uses today to move to our Next-Gen SIEM, the ability to give them a compelling value proposition so that they can look at our technology that can maybe reduce data, help them make a better outcome at a lower overall cost. I think this is going to be phenomenal. As I said, game changer, and certainly we, and I don’t use that term very, very lightly. Very excited about what we are doing with the team over there. Going in a little bit deeper, very strategic for us.

When you go back and you look at the project that we did when we acquired Humio, which we now call LogScale, like LogScale before it, Onum is highly differentiated. A lot of people say, how is it similar to Cribl or other technology? This is not just about speed. While this is incredibly faster than all the other technologies that we looked at, whilst it’s incredibly more efficient than all of the other technology, this is all about the ability to manage data in the pipeline. A lot of the technologies that you hear about, they’re really good at removing data. They talk about you don’t have to shift 100% of the data, you can remove 20%, 30%, whatever the number is. Onum gives us the ability to do things like detection in the data pipeline. It gives us the ability to add context in the pipeline.

It gives us the ability to add other sources from other vendor technology in the pipeline. Ultimately, what that means is we can manage data before it actually gets to our SIEM platform, whilst creating efficiencies and helping customers manage costs. Really, really excited about what we can do with the technology there. Obviously, I’ve said it a couple of times, but removing friction to move to another SOC technology, because that’s the biggest thing that people will ask. If I have to move from whatever I am using today over to Falcon Next-Gen SIEM, how do you help me remove the complexity? This is the answer to that question, to be clear. Switching gears a little bit, we’ve talked a lot about AI. Everybody’s talking a lot about AI. We’ve been spending a lot of time focusing on this.

I will say we’ve been spending a lot of time focusing on this for the last 10 years plus. When George started the company, it was a company founded on the principles of the benefits of AI. We use that technology to solve a problem with malware, with ransomware, with complex attacks. We use that technology to help defeat those adversaries without requiring signatures and a lot of complexity. As we’ve evolved that technology, we’ve used it with OverWatch. We’ve used it in our threat hunting capabilities. We’ve used it in new modules that we’ve released. Now we’re using it to make our customers’ lives easier, to help them solve a lot of the problems that they’re dealing with without as many people, without complex environments. We introduced the technology, Charlotte, to everybody. Charlotte’s been a project that we’ve been working on now for a couple of years.

Charlotte is a project that we’re spending a lot of time building out the capability, the use cases. You saw many of those examples in George’s session yesterday and mine this morning, if you attended. One of the interesting things when I think about Charlotte, Charlotte’s making a lot of friends and bringing a lot of capability to our customers to save them time, giving customers intelligent connectivity to the entire ecosystem. Charlotte is helping customers connect other third-party vendors into the platform as well. More importantly, giving our customers the ability to build their own agents to solve specific use cases. Let’s roll this video again.

The future of cybersecurity demands AI insight combined with human oversight. That’s why with Charlotte AI Agentic Workflows, we’re delivering world-class CrowdStrike expertise directly into your SOC through intelligent AI agents. Your agent learns your organization’s context, just like onboarding your newest analyst. Agentic Workflows makes this so intuitive, your team becomes more productive from day one. No code, no friction. Simply describe your mission in natural language. Create an agent that prioritizes detections, investigates threats, and blocks malicious IPs. Agentic Workflows builds it immediately. The Agentic Workflows assistant asks intelligent questions to tailor agents to your specific environment. The agent gateways you add connect tools, workflows, and even other agents, putting Charlotte AI at the hub of your entire security stack. Agentic Workflows transforms security operations beyond automation. It’s how you command AI across your security stack on your terms.

This is how defenders reclaim the advantage to outpace AI-driven attackers with AI-driven defense. Agents are not replacing humans. They are elevating them. Every analyst becomes an agent manager. You maintain human accountability by empowering your team to direct operationalized agents and give them the tools to refine, customize, and create new agents tailored to your needs. These aren’t just tools. They are AI teammates, mission-ready agents that reason, decide, and act with elite analyst judgment, bringing the same level of expertise protecting the world’s largest organizations, now operating as your agentic workforce 24/7 at machine speed. You’re not out of the loop. You’re elevated above it. From alert handler to commander of an agent army, oversee your agent workforce with complete visibility. This shifts your team from drowning in alerts to commanding outcomes. The assistant suggests workflow enhancements while you maintain complete control through enterprise-grade approval mechanisms.

Any alert can trigger an agentic response using your own custom agents, as well as agents provided by CrowdStrike. You control the analysis flow while AI handles execution. Your agents can respond flexibly to scenarios at pipeline-native speed, cutting investigation tasks from hours to minutes. Every action is fully traceable with transparency into every planning detail, data retrieved, and action taken by the AI. See exactly how agents process detections, reference knowledge bases, and execute actions, all with proper data, context, and authorization. Agents pull contextual data, reason across combined information, recommend containment steps, and orchestrate completion. All auto-documented, delivering comprehensive incident reports with zero manual work.

We’re incredibly excited about this. We’ve had so many customers that have come up to talk to us about this, the ability for them to use what we build for them, but the power for them to build their own ecosystem inside their organization. The important thing to highlight on what I just showed you is this is technology that we have been building for a very long time. This is not forward-looking technology that’s going to take a lot of time to innovate because we’ve been building this capability with our Falcon Complete team. We’re not adding hundreds and hundreds and hundreds of engineers into the Complete team. When you hear about the capability that Rob gets at Oracle Cloud Infrastructure, that’s not driven by signing up an account like Oracle Cloud Infrastructure and then just going out to the market and recruiting an incredible amount of analysts.

Our team in Complete has an engineering team that is focusing on taking the data, taking the methodologies, and automating that capability so that they can respond to our customers as quickly as possible. We’re operationalizing that technology and making it available to our customers so that they can get these economies of scale, they can get the methodologies, they can get the playbooks, they can get the learnings from CrowdStrike. The ultimate goal is to give them the ability to move faster. When you think about Charlotte, it was only a couple of years ago that we talked about this new vision, this new idea, the concept of what we could do with Charlotte. Charlotte’s come a long way. You know, when we talked about Charlotte, this was in the infancy of things like GenAI and large language models, which really, in many ways, have become old news already.

In a short time, we’ve gone from a relatively simple, but I think at the time we released a very transformative ability to ask questions against your Falcon environment, against your Falcon data. Now we’re working with Charlotte, and Charlotte is doing things for you. As George laid out, our goal is crystal clear here. Our goal is to turn Charlotte into a security superhuman capable of driving our mission to stop breaches faster. Again, let’s roll the next video.

Charlotte AI can now generate fusion SOAR workflows from natural language, making it easier than ever to build inspectable, reliable SOAR automation. SOAR workflows’ deterministic execution is a great fit for modeling policies and business processes, especially when combined with Charlotte AI agents that inject intelligence into individual steps in the workflow. Charlotte AI searches the Fusion Content Library, finding the appropriate triggers and actions for the task at hand. The results of those searches are inspectable as response details, allowing users to see exactly what the AI saw as it worked through the problem. The resulting workflow can be saved as is, amended conversationally with Charlotte AI, or opened in Fusion for manual editing. A future release will bring this new agent directly into the Fusion workflow editor, providing seamless collaboration between the SOC engineer and Charlotte AI.

What was previously many steps in a workflow to triage and investigate a detection is now simplified with Charlotte AI, allowing security teams to build agentic workflows that automatically generate actionable cases in real time. Each case is dynamically populated with Charlotte’s analysis in clear, natural language. Agentic workflows enable SOC analysts to respond to detections at machine speed, reducing mean time to triage and mean time to response.

Very powerful technology. Legacy security architectures, legacy vendors talk about SOAR. Modern security architectures, modern vendors talk about hyperautomation. What you just saw there is Charlotte having the ability to automate anything in your environment. Grab a hunting playbook, analyze my malware. These are things that are not easy tasks. The number of people around the world that know how to reverse malware is getting smaller and smaller and smaller. Charlotte has the ability to reverse engineer your malware, to tell you what’s in it, to pull down threat hunting reports, to tell you if there’s an adversary that’s leveraging this, to send a Slack to the security team, to network contain the machine, to create a forensic playbook, and to do it all dynamically. Hyperautomation in the core platform is part of what Charlotte has the ability to do.

This is the demo that we’re showing down in the hub, and what customers are getting extremely excited about because they can ask Charlotte how to do it in natural language. They don’t need to be the expert to do any of those steps that I talked about, which is incredibly exciting. All of this comes together with a new UI. You can’t do this with old UIs. We’re doing a ground-up rewrite of the entire platform. The platform that has the ability to be tailored for every user. If you’re an entry-level user, if you’re a reverse malware analyst that I talked about, if you’re a threat hunting organization or group, if you’re the largest enterprise to the smallest SMB, the platform comes together and operates in a way that meets your requirements. It’s not just a new user interface. It’s a modernization of the entire platform.

It’s a multi-year project that we have started. It’s a project that will continue to move forward. It’s changing all of our modules. It’s getting them closer together. We’re really excited to show you what we’ve just released and showed as a release candidate to our customers. Roll the next video.

This is the new dynamic user experience. Let’s start with a simple question. Show me critical misconfigurations from the last 90 days. In near real time, Falcon reveals 24 critical issues across 14 assets. Let’s capture this insight. Now we have real-time visibility, but let’s go deeper. Watch as Falcon quickly maps these issues to specific CIS controls. Each natural language query builds on the last, maintaining perfect context as we explore further. Falcon quickly analyzes months of telemetry, revealing a critical shift on March 15th. We’re not just seeing data. We’re watching our security posture evolve over time. Let’s check for active threats. Falcon reveals no detections yet, but flags four critical CVEs that could be exploited. Now let’s pivot to understand the human element. In seconds, Falcon maps privileged access patterns against our compliance drift. Perfect. Now we can visualize these access patterns.

Falcon quickly identifies EC2 instance O2 as our highest risk asset, correlating internet exposure, PII proximity, and vulnerability status. Each insight is building upon the last. No context switches, no complex queries, just fluid exploration of our security landscape. This is exactly where we need to focus. What remediation should I prioritize? Falcon helps build our action plan, prioritizing two critical CVEs and three CIS benchmark misconfigurations, one set of remediations that will resolve 12 security gaps and two potential attack paths. We are transforming insight into action. With one command, everything we discovered comes together in a comprehensive security view. We can refine our visualization just as naturally. The same natural language that drives our analysis also controls our interface. Watch this. We’re about to transform our interactive analysis into automated intelligence.

In seconds, Charlotte creates an automated analyst that can replicate this entire investigation across any part of our infrastructure for any period of time. Now just think about that. We just turned a complex security investigation into an automated capability using nothing but natural language. Now let’s put this agent to work. Charlotte knows exactly what we need. Here’s the finishing touch. We can also use this agent to create a monthly executive summary report. Falcon automatically schedules a comprehensive monthly report, translating our technical findings into executive-level insights.

We are so focused on making our customers’ lives easier. We are so focused on making sure that this is technology that every one of our customers can adopt. This is no longer talking about which modules can you sell to the largest government, the largest enterprise. Every customer has the ability to leverage every module. Modern and fresh UI, a UI that organically drives module adoption. If a customer does not have all of the modules to use, they can easily kick off an in-app trial. They don’t have to call the CrowdStrike account manager. They don’t have to call their reseller. They have the ability to just say, deploy the module, let’s try it. For a period of time, they have the ability to do it. Driving module adoption is critically important. Quantifying ROI.

We have built into the product the ability for them to understand how they’re using and getting value out of the product. From a Flex perspective, we’ve built into the platform the ability for the customer to understand how they’re using their Flex pool, how they’re going, what’s left, what modules they’re using, what else can they use to just make it easy for everybody using the platform. The foundation to all of this agentic innovation is world-class security. I want to show you exactly how we’re securing the enterprise’s AI future. You heard about us talking about Pangea. Again, another organization that we were incredibly excited to work with. Team and technology. This technology, together with what we have been doing, really completes our AI security stack. I believe it sets us further apart from the competition. Technology that we looked at everybody in the market.

We looked at all of the different vendors that we’ve all been talking about. Some of those vendors that have been talked about by other security players use features, or maybe I should say used features from Pangea because of the architecture that they have built. Let me show you why we think Pangea is so special. Roll the next video.

Everything starts with visibility. Pangea provides visibility for your browser, applications, gateways, AI agents, and public cloud. Let’s dive into browser visibility to gain real-time awareness on your workforce’s usage of AI. Here we’ll integrate with the Chrome extension. Once created, it can be deployed to all endpoint browsers where AI traffic is streamed through Pangea’s AIDR, where AI activity patterns can be viewed. Here we have the visibility view. It gets us a quick understanding of which users in your environment are using any AI applications or models. You can drill down into specific applications and users to gather their token counts, event counts, and policy-enforced detections. Once you have a better understanding of AI usage in the enterprise, you can swiftly create policies to manage AI usage in the workforce.

Within Pangea’s Policy Manager, you can easily enable policies to enforce conditional access control to your various AI applications. You can also use natural language processing to simply envision and execute your rule creation in seconds. These access control rules allow you to govern which users can access which AI applications at scale. This goes beyond user-to-application controls. Pangea also empowers AI security with granular prompt detection and prevention capabilities. You can detect and prevent malicious jailbreaks and prompt injection attacks. Pangea also includes content patterns for confidential data, PII, language, and custom topics, custom entities, and even code. With AIDR, Pangea offers tremendous flexibility between blocking, reporting, and even data transformation. Flipping on Pangea’s sandbox capability, administrators can enter in sample prompts and test the efficacy of the policy before it’s deployed in production.

Once your policies have been deployed, the visibility view will show the administrator newly surfaced detections with the same filtering capabilities shown before. Filter by apps, users, models, and gain visibility into what detections were triggered by each policy.

When I talk to customers, the three things that they talk about to me are, we’re building AI. How can you help us secure it? We’re building AI. How can you retain it? What services do you have and what research do you have? Our organization is adopting the use of AI. How can we do it safely, securely? When you think about what we have with our endpoint technology, with cloud, with data protection, and now with Pangea, bringing in a complete suite of AIDR, it means that we can help an organization with all of the endpoints that they use, with all of the cloud workloads they use, with all of the cloud instances, the services that they use, and with all of the AI technology. We have the ability to give them one platform to see everything going on inside the organization.

Just to make sure that we’re all clear as to why we believe we have that complete solution, we have browser extensions to make sure that wherever the user tries to access AI, we have full visibility. We have the sensor that provides that capability. Imagine a world when we connect our browser extensions together with a sensor. However the organization is trying to leverage this technology, we have the ability to give them visibility, control, governance, and security, all with the same platform that we’ve been talking about for a very long time. I am super excited. As I start to wrap up, one that we’ve been working on, I think George said it really well since 2020, is what we are doing in the space of Next-Gen identity. We know that’s where the adversaries are going. We know where a lot of the issues are.

We’ve been really focusing on pioneering the ITDR space, identity threat detection response. We’ve been building our identity into many of the other parts of our platform. As you all know, earlier this year, we released our first PAM capabilities. We added just-in-time access. It was another new module. It was the ability for customers to give just-in-time access to any user or service that needed to get access to the organization, solving a critical problem for our customers. We’re now starting to think about how do we move into this new AI era by providing identity security for non-human identities, for devices, for services, to make it a simple feature for all customers. We’re reinventing login security with built-in fishproof MFA in the platform. You can connect to any service, to any application, use your phone to get permissions.

We vault your credentials in the cloud, and we integrate the mobile capability with a sensor to ensure that we can give customers access to the network either through their secured identity or through secure devices that are running the sensor. Everything else has no capability to get access to the organization. We’re focused on making PAM easy. Remember, PAM is technology that was designed 20 years ago. PAM 20 years ago solved a very different environment that we’re in today. You need to be able to deal with the non-human identities. You need to be able to deal with services. You need to be able to deal with an agentic world. Importantly, you need to be able to give services access dynamically, and you need to be able to remove that in an easy, seamless way.

Have a look at what we’ve released to our customers and announced this week at Falcon. Roll the demo.

A customer is in the middle of a CRM migration from an on-prem solution, Orange CRM, to Salesforce. A project has been spun up to build an AI agent to help customer service advisors answer customer queries faster. We start as the developer Dan uses a Slack bot to request a new AI agent identity. This workflow is backed by a next-gen identity security policy where we apply zero trust controls for both the human owner and AI agent. Here we are checking that the device has Falcon installed and is commonly used by a low-risk user who is a member of a group that automatically grants them permissions to create agents with a tightly controlled scope. As this agent accesses customer data, strong MFA is required too, which Dan completes on his mobile phone using a dedicated FIDO passkey.

Now that the approval process is complete, credentials are issued for Falcon MCP. Salesforce or Orange CRM keys are vaulted in the Falcon cloud and never given to Dan. The policy also changed the group memberships for Dan’s machine, triggering an automatic installation of Claude with Falcon MCP pre-configured. To authenticate securely, an agent binding token is deployed, which binds the AI agent identity to Dan’s device, restricting operations to read-only and only to the CRM systems. Now Dan can use Claude to test some prompts without ever having credentials for the CRM systems. All of this is gated by Falcon MCP. Fast forward a few weeks, and Dan’s AI agent has been deployed in a beta capacity. Alice, a customer service employee, is already using the agent to assist customers. She is a former customer of the company herself and has an overdue account.

She tries to delete the record, but the guardrails Dan set in the code to prevent this type of operation stop her attempt. Alice then tries some prompt injection, where she asks the same question but without using the word "delete." Unfortunately, the LLM complies and attempts to delete the data. However, because of the scopes defined in the policy enforced in the token on the device, no data is deleted, and the least privilege enforcement through identity saved the day. This policy violation triggered a Fusion workflow for rapid remediation. The workflow automatically changes the risk score on Alice’s account, triggering a logout of the app and preventing her logging back in. Dan, the owner of the AI agent, is notified that his guardrails need to be refined.

That’s a huge demo. A lot packed in. Just to make sure everybody caught everything that was there: just-in-time access, vaulted passwords, fishproof MFA capability, the use of the mobile to authenticate, and the ability to do hyperautomation all in the one platform. We’ve been working a long time. It started with the PAM release that we did earlier this week. It’s technology that we built ourselves. It’s created a unified identity protection framework that helps provide end-to-end from provisioning to authentication to access management. The important thing in that demo is having the ability to be notified that something has gone wrong, and then the hyperautomation removing session access, which a lot of tools really struggle with. That solves a huge security problem. There’s so much more innovation happening this week. There’s so much more innovation that we’re going to be talking about this quarter and into Q4.

You can see there a lot of the things that we’ve talked about: the agentic security platform, the agentic SOC, really building out what we’re doing with exposure management, providing capabilities, a hunt agent, a malware analysis agent, data transformation agent so people can onboard to their SOC a lot easier, a search analysis agent so you can query, you can do what our threat hunting teams can do, all the way through to the hyperautomation that I talked about as well. In the capability there, we’ve announced risk-based patching. It’s going to be a release that we’ll talk about. We’ll announce a beta soon. A lot of capability around identity, Falcon Data Protection. Wow, an incredible amount of innovation has happened in data protection. Customers have the ability to use this to understand what’s running in their environment, how people are accessing data, where the data is going.

One of the dashboards that we released and announced this week is an insider threat dashboard. Insider threat capability within threat and within data protection. It’s one of the big things that customers are asking us for. Of course, we talked about so much this week around securing the AI ecosystem. A lot more to come at the event. We’re going to go and do a whole heap of additional demos tomorrow morning, new demos, which will be super exciting. I just have to simply say it is fantastic to be at Falcon and be talking about one thing, and that is innovation that keeps our customers safe. I’ll be back for Q&A.

Burt Podbere, Chief Financial Officer, CrowdStrike: Welcome back Daniel Bernard, Chief Business Officer, and Tom Lee, CISO Gap.

Daniel Bernard, Chief Business Officer, CrowdStrike: Thanks, Tom, and thanks, everybody. We’re back with another fieldwork session here for some good perspectives. Tom, thanks for being here. Congrats on the recent move to Gap. Exciting.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Yeah, great. Thanks. I was CISO at Mattel for five years, moved from protecting one iconic brand to an even larger iconic brand. What’s funny was when the recruiter called me about the Gap opportunity, before we even got into the discussion about the job opportunity, I asked them, what endpoint protection platform does Gap use? The answer was CrowdStrike. I was filtering my job opportunities based on what endpoint protection the company used, because if I’m going to battle and I’m going to defend the company, I’m going to ride the horse that I trust in the battle, and that’s CrowdStrike.

Daniel Bernard, Chief Business Officer, CrowdStrike: Here we go. That’s what we like to hear. Where did it all begin, Tom? Where did you first meet CrowdStrike? Where did you decide that we were that right horse?

Rob Duhart, CISO, Oracle Cloud Infrastructure: I first got religion with CrowdStrike in 2020. It was during peak ransomware. We actually were under attack. We had Defender at the time, and my team was doing a POC on CrowdStrike. We had deployed on 10 endpoints, just a very small lab deployment. I was actually online when the attack happened at 2:00 A.M., and this was at the very peak of the ransomware period in 2020. I made the executive decision to push the CrowdStrike EDR to all 20,000 endpoints. I didn’t talk to the CIO, didn’t talk to the CEO. I said this is the only way we’re going to contain the attack. Not only were we able to contain the attack and stop the breach, but when we actually disclosed the event, we actually had positive press coverage. Our corporate comms team said we’ve never seen positive media coverage when you disclose a ransomware attack.

We measured the stock performance, the one-month period and the three-month period after the disclosure. We outperformed our industry average and our closest competitor by 2x. In many ways, you could say that CrowdStrike paid for itself. That’s when I had religion.

Daniel Bernard, Chief Business Officer, CrowdStrike: There you go. Deploying us in that moment started a broader transformation journey. We’ve produced a lot of different products since 2020, and you’ve been a part of many of them. What was the journey that you went on? We can come back to Gap and talk about the journey you’re on right now. What was the journey that you went on previously?

Rob Duhart, CISO, Oracle Cloud Infrastructure: Yeah, you know, first we started with CrowdStrike as the best endpoint protection environment. In my Gap environment now, we have 98% of the IT estate protected by CrowdStrike. It’s a fairly decent-sized footprint. We have eight or ten modules, I can’t remember. We’re in the process of evaluating four additional modules right now, active proof of concepts. In fact, in the green room, I actually approved an additional purchase for Falcon Shield, I mean, literally a few minutes ago, which will increase our ARR by another 20%. We have an upcoming renewal next year. I didn’t think it was possible, but we’re actually probably going to double our ARR, what we’re currently spending with the renewal.

The great thing is I have a fantastic story to tell because as part of that renewal, not only am I adopting more CrowdStrike, but I’m also able to displace existing tools I currently have. I end up showing cost savings, which makes me look like a hero. I get more CrowdStrike, which is easier to manage, and it’s a platform that we trust.

Daniel Bernard, Chief Business Officer, CrowdStrike: You did it through Flex. Maybe talk us through how you put your Flex together and the process around adoption of our technology with Flex.

Rob Duhart, CISO, Oracle Cloud Infrastructure: You know, I love Flex for a lot of reasons. First of all, you know, at Gap, procurement is very rigorous, to be nice. It can literally take three months to get a simple deal through. It makes sense. We have a very large footprint and a lot of reasons why. With Flex, once we had Flex, the friction, the commercial friction was gone. I could add modules as I needed. I could right-size as I needed. I’ll give you an example with Falcon Shield. You know, with the recent SaaS software attacks, I wanted to bring in a SaaS security posture. We tested all the competitors. We tested Obsidian, we tested AppOmni, who came from Salesforce, and we selected Falcon Shield. Instead of having to go through the normal procurement process, I could immediately add it. Not only that, I could scale it incrementally.

I have long-term cost savings because the commercial friction is reduced. For example, we initially deployed it with just 2,000 of our core users. As I add additional SaaS platforms, I can scale it up to add our 30,000 corporate users. When I’m ready, after holiday peak, I’ll add the remaining 88,000 frontline workers, our warehouse and our retail workers. That flexibility makes it super easy, reduces the commercial risk. All the other options, you’re going to have to negotiate a large license, you know, tune-up and right-sizing considerations. Falcon Flex reduces the commercial friction. That’s why I love it.

Daniel Bernard, Chief Business Officer, CrowdStrike: Let’s hit another part of the platform. One of the things that we all hear very regularly from CISOs is the cost fatigue with legacy SIEMs. How are you in that transformation journey, really having us be a key part of your SOC, be that operating system cybersecurity? Where are you with the whole SIEM journey?

Rob Duhart, CISO, Oracle Cloud Infrastructure: I think like a lot of enterprise companies, you have your EDR platform, we have CrowdStrike, and you have your SIEM platform, and we have Splunk. Every CISO you talk to has a love-hate relationship with Splunk. Splunk has good capabilities, but it’s also super expensive. Every year you’re looking to reduce your Splunk costs. One of the things that we did early on was we added Cribl. It’s a good story. Spend $1 million with Cribl, save $3 million on Splunk. We still have significant Splunk costs. That is why I’m really excited about Onum, because now I can also use Onum to reduce my Cribl costs and then have all the native telemetry and new threat detection left. I’m super excited about Onum. Specifically with Splunk, what we’re currently looking at now is saving costs on Splunk by leveraging Next-Gen SIEM.

The reason why Next-Gen SIEM, I think, is the right choice, not just in terms of feature parity versus the other SIEM options out there, is I really think just philosophically, we’re going to be in a future very shortly where all the third-party consumers of data telemetry, whether it’s SIEM platforms, third-party AI platforms, etc., will not be able to compete because they won’t have access to the native EDR telemetry that you get within the CrowdStrike ecosystem, as well as all the contextualizations. What vulnerabilities do I have? What’s the identity behavior? What’s the known behavior? What’s the expected behavior? We had an issue this morning, and the very first question I asked was, is this user traveling? Is it a VIP? Do they have administrative access? Within Splunk and other third-party platforms, you have to configure all of that correlation, all of that contextualization.

We have a very small instance of Next-Gen SIEM because that’s one of the ones we’re evaluating. All that context was immediately available. It’s a complete game changer for us.

Daniel Bernard, Chief Business Officer, CrowdStrike: One of the things I really like about Tom is he gets his hands dirty in the product and is always discovering new things and giving us, by the way, great feedback. Tom, what’s some of your favorite hidden gem modules, whether it’s maybe Spotlight or some of the other ones that you’ve really derived a lot of value out of?

Rob Duhart, CISO, Oracle Cloud Infrastructure: You know, Spotlight, which is the vulnerability management module, initially I thought it was just potentially, you know, like a Qualys or Rapid7 replacement, which is nice because there’s going to be some significant cost savings there. One of the things I love about Spotlight is, you know, Gap has a very, very large retail footprint. We have 2,500 stores. We did $5.7 billion last year just on our e-comm platform before accounting for in-person retail. Our PCI compliance cycle is operationally very painful. I mean, it’s thousands and thousands of hours across the company, across the technology teams to meet PCI compliance. The traditional approach is you run a vulnerability scan, you see what’s in scope, you go ahead and you patch or remediate accordingly. With Spotlight, I’m able to identify not just where I’m vulnerable, but I’m able to look at the exploitability.

I’m able to look at the attack path. I’m able to ask Charlotte AI, what’s the confidence level? Now I’ve been able to de-risk our PCI compliance literally by 6,000 hours, 6,000 man-hours this year versus the past two years. I’m looking like a hero. I didn’t do anything. I just switched from using traditional vulnerability management tools to adopting Spotlight.

Daniel Bernard, Chief Business Officer, CrowdStrike: Awesome. Awesome. When it comes to SOC operations, tying it all together, Falcon Complete, how has that been part of your journey?

Rob Duhart, CISO, Oracle Cloud Infrastructure: Oh, you know, we’re a huge Falcon Complete fan. Every other MDR option tries to pitch, you know, cost savings and other benefits. I always say no. I use Falcon Complete since 2020. Falcon Complete is not only the tip of the spear, but it’s also the last line of defense. One of the great things about Falcon Complete, it completely inverts my SOC operations model. For my SOC, instead of relying on my, you know, outsourced partners or even my security analysts to be that tip of the spear, about 90% of all the incidents that matter, Falcon Complete detects it, either escalates to us, or in many cases remediates it on our behalf. It completely changes how I look at security operations because now you don’t have that pressure of having complete coverage on every possible attack. You can focus on adding more value to the business.

Daniel Bernard, Chief Business Officer, CrowdStrike: Gen AI is one of these areas where I think you heard George and Mike talk about it, where we’re all looking at it and the market is looking at it as unlocking the next chapter of capability, but also the next chapter of cost efficiencies. How are you thinking about your security AI journey? Where do we play in that?

Rob Duhart, CISO, Oracle Cloud Infrastructure: I think every enterprise company is looking at Gen AI security tools. You know, whether that’s some kind of guardrail type solution or a proxy solution, everyone’s looking at it because the Gen AI sprawl is kind of everywhere right now. There’s lots of risk around Shadow AI. The biggest challenge, just speaking from a theoretical security perspective with Gen AI, is that the control plane and the data plane are the same. For example, when you use an LLM like ChatGPT, the same administrative instructions you give it are the same as the data instructions, you know, when you ask a question and you get a response. That single architectural flaw is what spawned this entire market, you know, around AI security.

What’s great about the CrowdStrike platform is if we can enforce our AI security within the CrowdStrike ecosystem, we have full end-to-end visibility and control of the data plane and the control plane. Any other Gen AI solution is essentially a bolt-on. I really think the market is going to quickly converge on centralized platforms that have that full visibility and control. That’s the only way you can really secure Gen AI.

Daniel Bernard, Chief Business Officer, CrowdStrike: I think it’s a really good point to kind of bring up. Is this something you see being solved by a network security vendor, or what’s our role in solving this problem from your perspective?

Rob Duhart, CISO, Oracle Cloud Infrastructure: The trick with Gen AI is it’s not just about looking at the inputs and the outputs. I mean, that’s what the current vendor space is talking about. It’s really understanding contextually what access that user has, what that user’s expected behavior is, and then you can make security decisions on whether you should block or not block, etc. The only way to do that is within a complete end-to-end platform. We get that with CrowdStrike, not just on the EDR, but we get it with cloud, we get it with networking, we get it with configuration, you know, policy, posture management. The only way to secure Gen AI is really within an end-to-end ecosystem. I think all the point solutions that we’re seeing now are going to just confuse the market because what are we going to do?

Add multiple point solutions for every aspect where we’re using Gen AI? It doesn’t make sense. It has to be centralized.

Daniel Bernard, Chief Business Officer, CrowdStrike: Exactly. As you’ve gone on this journey with us and you do your plan, you have a rigorous procurement team. It is what it is. I’m going to shift to a different area. Somebody’s in that room raising their hand and saying, hey, what about Microsoft? How does that all fit into your decision, your plan, your strategy, and the outcomes you see?

Rob Duhart, CISO, Oracle Cloud Infrastructure: You know, I’ll be honest, we’re a very, very large Azure shop. They’re a huge partner of ours. All our e-commerce, all that $5.7 billion runs on Azure. We’re also an E5 shop. We looked at replacing CrowdStrike with Microsoft. Commercially, it looked like it made sense. We went through that evaluation. One of the things I found is that just because you’re an E5 customer doesn’t necessarily mean that Microsoft costs less. In fact, when we looked at it, compared apples to apples, switching to a Microsoft solution, even if you discount all of the switching costs and the pain to migrate, ended up costing us more because there are variable costs that are hard to predict in the Microsoft world. I really felt like it was a bait and switch. I’m saying this kindly because we’re a very large Microsoft shop. We didn’t switch to Microsoft.

Not only that, I started as a hacker before I became a CISO. Anytime there is any new research around EDR evasion, EDR bypass, that’s kind of my area of specialty. I’ve actually tested the recent EDR killers, EDR evasion research that’s been published in my home lab. CrowdStrike was able to detect and block the EDR bypass technique. Just completely frank, Defender for Endpoint did not. Part of the reason why is what I mentioned earlier. Microsoft relies on operating system components because the control plane and the data plane is the same. Philosophically, I think you need to separate your security stack from your operating stack. I don’t think I would ever go on an all-Microsoft solution, even if it costs less and it ended up costing more.

Daniel Bernard, Chief Business Officer, CrowdStrike: Well said. Summing it all up, rounding it out today, Tom, you’ve been on multiple journeys with us. You’ve been at the cutting edge of our innovation, providing us fantastic feedback along the way. When somebody asks you why CrowdStrike, how do you answer that question?

Rob Duhart, CISO, Oracle Cloud Infrastructure: It’s the only company I trust. I mean, seriously, when it’s 2:00 A.M. in the morning and it’s your butt on the line, you know, who are you going to call? Literally, CrowdStrike is the one company that I have full trust and confidence in. It saves me money, and it’s been flawless. Total cost of ownership is lower. I do want to add one more comment. At Gap, we’re a very large outsourced company, like a lot of other enterprise companies. When I look at what security platforms we want to adopt, I’m not just looking at the capabilities. I’m not just looking at license costs, all those commercial things. I’m looking at total cost of ownership because if I have to bring in subject matter experts to operate something, I’m not going to be able to outsource it. We’re over 80% outsourced.

We have thousands of outsourced engineers and technologists. I need a platform that is easy to manage, easy to provide governance, and easy for me to deploy. When you look at some of the other solutions out there, even if you believe that commercially it makes sense in terms of a cost perspective, the total cost of ownership is significantly higher. Above and beyond all the reasons I love CrowdStrike, it’s been the easiest one for me to deploy, get time to value, and to manage.

Daniel Bernard, Chief Business Officer, CrowdStrike: Tom, thank you so much for your perspective today. Great insights. Thank you.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Thank you.

Burt Podbere, Chief Financial Officer, CrowdStrike: Please welcome Bill Freiberger, Principal, Technology Consulting, Cybersecurity, EY, and Dave Burr, Global Head of Cyber Resilience, Kroll.

Daniel Bernard, Chief Business Officer, CrowdStrike: Okay, last bit of fieldwork. We just heard from two fantastic customers. The proof is in the pudding. Now how we go to market is really the focus with our partner ecosystem. Two different partners on the stage, both focused on services. I’m really excited about this panel. Bill, Dave, it’s great to have you both. I’m going to let you both introduce yourselves, as well as explain to us how CrowdStrike today fits in your practice. Bill, why don’t we start with you?

Rob Duhart, CISO, Oracle Cloud Infrastructure: Sure. Bill Freiberger, I’m EY’s Americas Cybersecurity Advisory Leader and former Deputy CISO at Procter & Gamble. I’m building my business off of CrowdStrike. I’ve got over 250 people trained, operating, executing. This is the growth strategy for EY’s Cyber Advisory.

Burt Podbere, Chief Financial Officer, CrowdStrike: My name’s Dave Burr. I’m the Global Head of the Cyber and Data Resilience business at Kroll. I happen to know this man quite well because before coming to Kroll, I ran the EY Cyber business, and I’m happy to say I successfully recruited this man directly through Procter & Gamble. It was a great hire, and I’ve watched Bill have a lot of success over many years. I’ll just comment briefly on our stance with respect to CrowdStrike. First and foremost, we have a very large cyber incident response business. We handle somewhere around 1,000 cases a year. Most of that workload that we handle falls within the small and mid-sized business segment. These are businesses that are, say, between $100 million in revenue up to $4 billion in revenue. Around the world, there are around 100,000 companies that fall into that segment.

Interestingly, about 31% of the world’s GDP is produced by this segment. This is an extremely important segment. I remember when I was back at EY, I was out at a company called Caterpillar. We were just talking to Caterpillar about their business. They said about 93% of the products that we make are actually manufactured within the small and mid-sized business segment. They’re a critical part of our supply chain. We operate in this space. We’re working thousands of cyber intrusions in this space. We really need to have the very best technology in the world to help us undertake this task with efficiency. This is the area where CrowdStrike is incredibly important to us right now and going forward.

Daniel Bernard, Chief Business Officer, CrowdStrike: Perfect. Perfect. Really two kind of different market segments represented. Bill, I’m going to come back to you. There’s a good track record and pattern in history here of Next-Gen SIEM adoption and the associated services around that. Can you talk about the practice that EY has built around Next-Gen SIEM? Why were you the first ones and early to really jumping on Next-Gen SIEM and share with us some of the results and thematic wins that you see?

Rob Duhart, CISO, Oracle Cloud Infrastructure: You know, sometimes it’s better to be lucky than good. At P&G, I brought in Humio before CrowdStrike acquired them. I was extremely happy when CrowdStrike acquired Humio because I knew it would get built into the platform. It’s not just another acquisition that’s out there that you have to go get, you know, and try and figure out how things are going to plug in. Once that direction was set, once you adopted the solution, it made it very clear to me from a market perspective, I could go in and I could have a conversation with not just a CISO, a CIO, a CEO on the value proposition. By building around that and saying, I’m not bringing you 15 new widgets, I’m bringing you one solution. It’s an integrated solution. Last year I had 120 people trained. Now I have 250.

I will have 500 trained by the end of our fiscal year. It just works.

Daniel Bernard, Chief Business Officer, CrowdStrike: It’s not just a U.S. phenomenon. I mean, you’re over in Australia, you’re all around at this point for Next-Gen SIEM.

Rob Duhart, CISO, Oracle Cloud Infrastructure: To your point, while I’m more focused on Fortune 500 and Fortune 200 companies, it’s not just those companies. It’s the mid-market, and it’s all of those that are embracing this, regardless of location. It’s not just, you know, the U.S. or Australia. We’ve got teams in Malaysia, companies in Malaysia that are deploying CrowdStrike Next-Gen SIEM with EY.

Daniel Bernard, Chief Business Officer, CrowdStrike: Dave, as you think about, you know, there’s a much bigger scale in terms of the number of businesses that you support. Historically, Kroll was working with a variety of vendors. You know, what we’re hearing in the market is customers want consolidation. We heard that from our previous two customers. I’m also hearing a lot that partners want consolidation too.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Yeah.

Daniel Bernard, Chief Business Officer, CrowdStrike: How do you see that manifesting in your strategy at Kroll?

Rob Duhart, CISO, Oracle Cloud Infrastructure: Yeah, I mean, it’s interesting. I think in many ways, the way that we choose the technologies to enable our business is very similar to the way that any business would choose technologies to support the underlying business. I mean, I will answer your question, but I think there’s also another market segment comparison that’s really, really quite interesting. Kroll is a firm that is largely owned by private equity. We happen to do a lot of work in the private equity space.

What’s very interesting to me, when I talk with the largest private equity firms in the world or, you know, mid-tier private equities, I am hearing more and more a shift in the strategy and the stance from we let our portfolio companies decide what they want to do to we’re actually putting a lot more specific direction around the kinds of technologies that they use to protect themselves. I mean, this is, I think, maybe more true in cyber than it is even in other areas of infrastructure because of the significant amount of risk that comes from cyber. The other reason is there’s so much risk that comes from being highly acquisitive. In the private equity arena, by definition, they’re out there, they’re acquiring companies very, very rapidly. Then they’ve got to decide how do they operate them and how do they integrate them.

Daniel, kind of coming back to your questions, one of the really interesting things that we’re starting to see in the private equity space is we’re being asked to go out and look at every single portfolio company, evaluate their risk, and then make recommendations around how do we, in an efficient way, draw down risk and how do we operate more efficiently. What we are really starting to see right now is private equities of all sizes are saying, we’re just going to go with CrowdStrike and we’re going to deploy CrowdStrike everywhere across our entire portfolio. How do we choose which technologies we use? I like to think of our cyber consulting team as being a special forces unit. Whether you’re a SEAL team or a Delta team, those units are allowed to choose the weapons that they use when they go on their missions.

What do they choose? They choose only the very best weapon every single time because they can, because their mission’s that important. I think of the decision for us to choose technology as being similar to a special forces unit. That is why we choose CrowdStrike as the very best weapon to go into battle to deliver the best outcomes for our clients. The final thing that I will share is because we encounter so many victims, they will invariably say, after we have dealt with a threat actor in their environment, can you please help us? Can you, you know, can you help us? Can you stick around? The answer is, yeah, yeah, we can. This is where it makes a tremendous amount of sense.

If we’re using CrowdStrike to respond to an incident, to switch to a CrowdStrike Falcon Complete solution to have this ongoing level of risk management really just now and moving forward.

Daniel Bernard, Chief Business Officer, CrowdStrike: We’re seeing a lot of success from that incident response conversion to Falcon Complete through Kroll. That’s very exciting and I think a very good strategy. Bill, I want to come back to you on consolidation. You’re talking to CIOs, you’re talking to CEOs of the world’s leading and largest companies. You’re probably hearing consistent feedback on consolidation. Where does CrowdStrike come up in that discussion? How do you position us?

Rob Duhart, CISO, Oracle Cloud Infrastructure: To your point, I position you first. There’s the fatigue that’s out there. It’s so real. I used to say, I don’t need a technology stack. I need more of a Venn diagram. What CrowdStrike gives me is a really, really large circle. I have such a foundational area. I heard Mike talking about it in terms of just how easy it is to enable. I don’t need connectors. I don’t need additional procurement, additional licenses. I have it all in one, essentially one-stop shopping. From a CEO perspective, I just had one with a Fortune 20 company on Thursday. He said, we keep getting asked for all these tools, and we don’t want to say no. What would you recommend? How do we go about managing the mess of the ecosystem? What Tom said is exactly what I said. CrowdStrike is foundational.

You’ll be able to get rid of, in this case, at least 20 different solutions and consolidate around one. His point on time saved, saves security’s time, saves procurement’s time, certainly makes the CEO a little bit happier in terms of overall number of pieces of tech that are out there.

Daniel Bernard, Chief Business Officer, CrowdStrike: There are a lot of vendors today, or at least a handful that’ll say, hey, we can be that consolidation partner for you. They may have multiple platforms stitched together, etc. Why is it that you put us at the top of the list?

Rob Duhart, CISO, Oracle Cloud Infrastructure: I mean, one, it’s the best, but really, I don’t have to do that. Those connections, the different screens, all of those pieces, I like fishing. I like analogies around that. As a, I don’t want 15 lines in the water. I want one net. Right? I want a big net. This gives me the ability, depending upon the role I have, to go into the same platform, get the information I need, and have it all correlated together. I can’t, I haven’t found a solution yet, and I’ve been doing this for 28 years or so, that gives me that one-stop shopping.

Daniel Bernard, Chief Business Officer, CrowdStrike: Do you run, talk a little bit about the assessment work you do and how you use the platform for that as well, because I think it’s a very interesting use case.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Yeah, you know, even when we’re not doing incident response, M&A, we’re doing assessments. It used to take, you know, six, eight, ten weeks to go in and get a view of a landscape because I have to have a different identity. I have to have different access points. I get data back in less than an hour. It’s all right there in one platform. If I’m doing an M&A and I want to understand what risk exists, I can give the company the information that day. Right? I get more informed decisions. I get easier access to information, and most importantly, I save a ton of time.

Daniel Bernard, Chief Business Officer, CrowdStrike: I like how we have two different partners on stage serving different parts of the market, different types of companies, but there’s a very common thread that I pick up, which is the focus and the passion and the vision for what they’re doing with CrowdStrike, and frankly, also the results. As we round out the conversation today, Dave, why is CrowdStrike the horse that you’re betting on as you go and do these thousands of breach work, these thousands of incidents, and as you run an MDR? Why are we the winning horse in this big race?

Rob Duhart, CISO, Oracle Cloud Infrastructure: Yeah, I think there are two reasons, and I’ll start with the threat actor piece, which I think is incredibly important. Earlier in the day, George talked about all the different component parts of CrowdStrike, and on the left-hand side of his chart was a statistic around the professional services team. What’s important, I think, about that professional services team, which is working hundreds and hundreds of very hard, really hard and challenging incident response cases, is that within that is a continuum. On one end of the continuum are the most sophisticated nation-state actors in the world attacking the most valuable companies, the most valuable data all around the world, and CrowdStrike is working on many, if not most, of those cases and learning an enormous amount, which the entire ecosystem benefits from.

They’re, of course, also working, and so are we, and so are EY and other firms, many, many other kinds of cases, and that intelligence gets consumed inside of CrowdStrike, and it is disseminated to the install base, really creating a systemic inoculation from risk. One of the reasons is the depth and breadth of the intelligence and the speed with which that intelligence is consumed and shared worldwide. The second reason is that there used to be a time when you would hear a CIO say, you can never get fired for choosing IBM. I think we’re kind of in the same place right now around companies deciding, or consultancies deciding to choose CrowdStrike. When you look at the Gartner, Forrester, IDC, Magic Quadrant analyses, and you see a lone participant sitting in the upper right-hand corner and it’s CrowdStrike in all of those, it’s the same exact stance.

You cannot get fired for choosing the very best, objectively the very best technology in the world.

Daniel Bernard, Chief Business Officer, CrowdStrike: Even if it means you got to leave a bunch of other stuff behind and shift your whole strategy. Thank you for, you know, for that color. Bill, your turn.

Rob Duhart, CISO, Oracle Cloud Infrastructure: I mean, I like that analogy. I think, for us, for EY, I think historically you would think about a consulting firm and, you know, we just want to make a client happy. We’ll do this technology, that technology. We’ve got a new CEO, very clear strategy. We’re going to be all in, but we’re going to be all in with very few partners. We are all in with CrowdStrike, and I couldn’t be happier.

Daniel Bernard, Chief Business Officer, CrowdStrike: The consolidation that you see in the market is certainly manifesting in our partner ecosystem. It’s great to have both of you up here. Thank you for the thoughts and the perspectives on CrowdStrike and the whole notion of we stop breaches. It isn’t just us, it’s the we. It’s the firms like yours. Thanks for being there with us on the front lines for driving the transformations. We’ve got a good year ahead of us. Keep up the good work. Thanks, guys.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Thanks, David.

Daniel Bernard, Chief Business Officer, CrowdStrike: Really great, great conversations today. Thank you, guys. I hope this was enjoyable and insightful into why we’re winning in the market today and how and why we’re winning tomorrow. We’re going to clear some chairs up here, and Burt’s going to be back up to round us out for what you’ve all been waiting for. Thanks.

Burt Podbere, Chief Financial Officer, CrowdStrike: Please welcome Burt Podbere, Chief Financial Officer.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Let’s keep it rolling, right? I mean, let’s just keep going. Even I, sitting there next to George, learned a lot listening to our customers and our partners. I think DB did a great job in, you know, getting the right information for you guys. It’s one thing to listen to Mike, George, myself, DB. It’s another one when you’re listening to our customers and our partners talk to us. I think Rob, and I think Tom, and Dave, and Bill, I think they did a great job in kind of just being honest and upfront about how they think about CrowdStrike and how they think about their businesses. All right, let’s get rolling. You know, George and Mike talked a lot about our opportunities. I think it’s a great opportunity to spend just a few minutes recapping because I think there was a lot there.

I think for us, you know, when I think about all the things that George and Mike talked about in our opportunities, I think about number one, agentic AI is cybersecurity’s largest opportunity yet. George talked about, you know, 100 times identities, 100 times the complexities, 100 times the opportunity. I mean, it’s here. I think that what we have in front of us is really exciting. We moved into, you know, Mike and Mike talking about the agentic SOC evolution. I think, you know, what you heard and what you saw on the Onum demo, you don’t have to be a technologist to kind of get what that thing does. It’s faster, it’s more efficient. It plays right into the core differentiation for us. It’s, you know, better, faster, and of course, for me, cheaper. Right? All those things kind of matter. Better outcomes, less cost.

That’s been our core promise to our customers since I joined the company 10 years ago. The third thing was uniquely positioned to be the protector of agents. Right? You’ve heard a lot about AI, you’ve heard a lot about our technology. For us, George talked about it and specifically mentioned we already have, you know, the foundation for the tech to be able to do this. When you talk about Pangea, and you talk about the opportunity for Pangea to help with respect to, you know, protecting these AI agents, the whole package comes together in a way that nobody else in the world can do. That’s so compelling for us when we think about that big opportunity that George talked about earlier on today. I think the fourth thing, you know, Mike walked through, you know, all the announcements and all the innovations. He’s absolutely right. Innovations matter.

Customers stay with us because they know we’re innovating. We’re helping them. We’re helping them save money. In some cases, you heard today, we’re helping them make money. Right? I mean, this is fantastic. Right? We announced 22 new innovations. We currently now have 31 modules, soon going to 32 when Pangea closes. This is going to allow us, all the things that we’re doing is allowing us to reach new heights with respect to, you know, our module count and what we can offer our customers in terms of outcomes. Fourth, we’re supercharging things like NextGen Identity. We’ve got PAM. We’ve got Shield. We’re supercharging our cloud with Pangea. We’re supercharging our Next-Gen SIEM with Onum. I mean, these are things that customers have been asking for. Right? For me, as the CFO of the company, I listen to our customers. Right?

It’s one thing when our engineers say something, and it’s another thing when some of the other folks in my company say something to me. It’s another when customers say it to me. Right? I’m here just like all of you. I’m listening to our customers, I’m talking to our customers, I’m talking to our partners, and I take this back. Right? It’s really important when I think about the deployment of our capital. I got to listen to them. Right? Growing our TAM, both organically and through M&A. We’ve announced what, in the last three weeks, two M&A transactions, and it goes back to what Mike talked about. Great people, great tech. To George’s point, it doesn’t mean we’re ruling out bigger transactions. It’s just that the bar is really high for us. Right?

In terms of an M&A transaction, you know, if we’re going to buy something, we have to see if they have an agent, we have to make sure that it can smash into ours in a reasonable amount of time. If it doesn’t cross that bar, that’s not going to happen. We’re really thoughtful about keeping our promise to our customers with one sensor. Right? That’s our promise. When you put all those together, you can see, you know, these six CrowdStrike growing opportunities, any one of them can be meaningful to our business. I thought it was a great place to start, to just summarize for everybody the things that George and Mike brought to the table. I thought it’s also a great starting point to just reflect for one second here on Q2. From a financial perspective, we were really excited about our performance in Q2.

It starts with re-acceleration of net new ARR, $221 million, you know, a record Q2 in ARR. It starts there. It came in a year, it came in a quarter early. We’ve been talking about re-acceleration and net new ARR coming in the back half, being able to achieve that in Q2. That was really meaningful for us. I think the other two on this page that I like talking about are our record non-GAAP operating profit of $255 million. This shows that we’re continuing to grow our business, but we’re growing it profitably. Of course, the $284 million record Q2 cash flow. George and I always talk about cash flow. Right? We talk about net new ARR, we talk about cash flow. We talk about it every day. Right? Really happy to be able to report those numbers. Now that we’re grounded on Q2, let’s look ahead.

First, I really want to talk about our conviction in net new ARR acceleration. We talked about Q2. You know, I gave some stats, you know, on an earnings call. We talked about, you know, our revenue guide, and it assumes at least 40% growth in net new ARR in the back half. There are a lot of things that go into that, and just not just in terms of, you know, the momentum that we saw and things like Flex and everything else. There were a lot of things that I really, really wanted to focus in on before I gave out a stat like that. Some of them are on this page. You can see them here. I mean, it starts with the platform superiority. One platform, one console, one source of truth. Right? That matters to customers. The Falcon Flex momentum. George shows a slide on that.

You know, all the great things that we talked about on the earnings call with respect to Flex, how it’s being adopted, you know, all the great benefits that we’re getting from Flex. Look, I don’t need to say anything more about Flex. You heard it from Rob, and then you heard it from Tom. I’ll talk a little bit about it a little later, but you don’t even have to listen to us. Just listen to our customers. The strong pipeline, you know, record, you know, pipeline going to Q3. Those three things kind of really play into how I thought about the 40% growth in the back half on net new ARR. Then you’ve got, you know, the continued strong retention. I mean, this is something that we worked so hard on, you know, post the outage.

We had to do all kinds of activities to keep our customers and keep them happy. We did. We’re still seeing the continued strong retention. We had upfront investments in go-to-market, obviously Flex, and then R&D and AI. We talked a lot about AI. All those things combined together get to this chart. Re-acceleration has arrived. Year over year, net new ARR growth of 17% plus because that translates from the 40% growth in the back half in net new ARR. Let’s talk a minute about Falcon Flex. It is a commitment model, not a consumption model. I’ve had a few questions here today when we were on a break about Falcon Flex. George and the customers, they went through it with you. It is easy to digest. We’ve taken out friction from the procurement process.

The other thing it’s done for me in terms of working with our auditors is I’m allowed to then, because it’s a time-based commitment package, like Amazon, it’s time-based, and it’s a drawdown. It’s not consumption, but it’s a drawdown, but it’s for a specific period of time. I’m able to recognize revenue rapidly. For me, that allows me to just talk to you about one model, not mixed models. Let’s keep it simple. We worked really hard to do that. Thankfully, we’re there. It’s been such a success. It’s a success for our customers. It’s a success for us. I couldn’t be happier. In all my years as a professional accountant, I’ve never seen a more eloquent licensing model in my life. The good news is it stemmed from the customers. They said to us, I need access to your entire catalog.

George and team said, okay, we got to make this happen. Here’s what I want. X, Y, Z. We got to make it easy for them to deploy when they want, how they want it. We got to make it easy for us to be able to recognize revenue. I want all these things. Guess what? We delivered all those things. Our customers are happy, and we’re happy. George presented this slide. I smile every time I see this slide because it’s showing the success of Flex. The one thing that’s not on here is of that cohort of Flex customers of over 100, and the average Flex time of five months, we had an uplift of 50% of the contract in five months for that cohort. 50%. That’s a big number. Nobody was more excited about that than I was.

It just goes to show you how when you’re able to invent something or innovate something, how it can really pay dividends. We’ve seen it in terms of George talking about all the copycats. You know, it’s the most sincere form of flattery you’re ever going to get. Right? Now everybody’s talking about Flex. They don’t even bother to change the name, as George said, it’s Flex. Which goes to show this is why. Right here. When you put it all together, the accounts that have Flex, that have adopted Flex, won over $1 billion in ending ARR. That’s a big milestone for us. $1 billion in ending ARR. For me, I like to say that’s a big number. Right? Something that, you know, we innovated, we were able to kind of find the right answer for our customers first. That was the most important thing. Then for us, second.

I don’t know about you, when you watch TV and you want to be, you know, a doctor or you want to be, you know, a fighter pilot. Me, I like to be a mythbuster. Right? One of the myths I, you know, that I want to talk about is that Flex, it’s for all our customers, not just for enterprise. There’s a lot of comments out there that Flex is really focused on enterprise. Look at the data here. Flex logos, as of 2Q26, you can see 61% enterprise, almost 40% in non-enterprise. Here I am playing my, you know, my pretend role as a mythbuster, and I have data to prove it. You know, it’s a great position to be in when finance can help the sales effort. Near and dear to my heart. Right? CrowdStrike Financial Services.

The benefits that we achieve with the Financial Services Group, we get closer to the customer. We build relationships with them because we’re doing more than just being able to provide the technology and helping them solve outcomes. We’re helping them finance this thing. It fosters larger and longer-term deals. This has been a big tool in the sales rep’s bag, certainly when it comes to Flex, where with Flex deals, we’re doing bigger, longer deals. This goes hand in glove with respect to, you know, being able to kind of help in selling Flex. Margin prevention, why give out, you know, that margin to some third-party bank? Let’s do it ourselves. It’s an investment-grade loan portfolio. The good news about this is it’s basically a three-page document. You don’t need a battery of lawyers to kind of go through our financing agreements.

It goes back to what George has talked about since day one. We got to take friction out of the system. We got to make sure it’s easy for our customers. This is just another way to do that. You can see some of the stats here that are really exciting. 95% of the portfolio is really for net new, not renewals. 50% of the portfolio was for, or greater than 50% of the portfolio was Flex. We’ve loaned out $230 million in loan value since the launch of CrowdStrike Financial Services. These are all great indications of the success of another kind of innovative program. Of course, it’s in finance. I get excited talking about it. You’ve seen this slide. We’ve talked about this slide. Re-acceleration has arrived 2Q26, FY26. You got the 17% plus year-over-year net new ARR growth.

I’ve talked really about the three items on the bottom at length. They all give me a lot of confidence in talking about a bunch of different things, including where we’re going to go next. You got to stay tuned for as I think about FY27. One modeling note, just one that I want to leave you all with. The impact of CCP and related partner programs. In the same vein of being transparent and something that we’ve always tried to do with all of you folks is we want to be really prescriptive on our transparency. We talk about 3Q26 having the modeling note ARR to subscription revenue of $15 million. We said it tapers off to between $13 million and $15 million in 4Q26. I wanted to be really prescriptive about it and share with you how I think about it.

This gets you to the midpoint of the Q3 and FY26 revenue guide where I want you all to be. This is how we think about business. We’d like you to think about it the same way. Here we go. I think someone came to me and said when George presented this slide, they liked the up and to the right. I like up and to the right. Without further ado, the up and to the right is we’re looking at 20% plus year-over-year net new ARR growth for FY27. When we thought about how we wanted to communicate to you how we feel about the business, the momentum of the business, the re-acceleration of the business, that’s it right here. This is how we think about it.

As all of you know, we’ve been really thoughtful in terms of what we’ve disclosed to you, how we’ve disclosed it to you. We want to give you more to help you build your models, not only for now, but in the future. As a lot of you know, we haven’t given out a whole lot of data, certainly at this point of time, in a fiscal year for the following fiscal year. I’m happy to be able to share that with all of you today. For us, we’ve heard from our customers. We’ve heard from our partners. You heard on stage how successful the partners are. You’ve heard on stage that some of these partners are building $100 million businesses with us. For us, they’re building SOC transformations. How are we helping them? We’ve got our Next-Gen SIEM with Onum.

We’ve got our Next-Gen Identity with PAM and with Shield. These are real businesses that we’re trying to help them with. The programs that we used to retain our customers with CCP were really successful. We said to ourselves, why can’t we turn these programs and drive more net new ARR? Why can’t we do that and be successful with our partners going forward? We said, yeah, we should be doing that. At the end of the day, the success that we saw, we don’t want to leave it on the table. We want to go after it. We want to show everybody that, hey, our partners matter to us. We’ve taken this opportunity to share with you how we think about it, how we think about our partners building businesses around us.

We’re also leveraging our partners to be able to activate Flex, not only activate Flex, but to utilize Flex. They’re a huge extension of our sales force. They talk to customers all the time. For us to be able to incent them to go do these initiatives is a huge win for us. It’s a huge win for them. You heard Bill and you heard Dave on stage saying how they think about our business. Here, we’re going to incent you to do that. We estimate that the total partner, a total estimated partner program contra revenue as a percentage of total revenue is 0.8% for FY27 and for the foreseeable future. We did our own research internally, and we believe that that is well within the industry norms.

We feel really good about these programs that we’re putting in place going forward, going after the $20 billion and then going after the 20% that I just showed you. This is really important to us. I think that you heard it directly from the partners, how they think about building their businesses around us. All right. We’ve always talked about growth, not at all costs. Here’s the example, right? Margin expansion. We’ve got non-GAAP operating margin in FY27 at 24+%, coming from 21.1% to 21.6% for FY26. We’re doing all these things to make sure that our customers are delighted, but we also want to make sure that we’re still thinking about profitability.

When we think about all this, it stems from a bunch of different things that we’ve talked about today, from our growth initiatives, from our innovations, our upfront investments that we’ve been making, certainly in the first half, and the efficiency gains in the businesses that we’ve talked to and talked about. We’ve got a lot of opportunity to be able to continue to grow our business profitably. It also translates into expanding free cash flow margin in FY27. I’ve talked about 4Q26 being 27%, FY27 greater than 30%. We get confidence in that through all the initiatives that we talked about, but also Flex, the bigger Flex deals that we talked about. We’re talking about bigger, longer deals with our customers. You heard two of them on stage today. They’re going all in with us. I heard that, I don’t know how many times. We should have counted five.

I heard at least five times that I heard we’re all in with CrowdStrike. This is going to help our free cash flow. I’m excited to be able to present this information as we look beyond this current fiscal year. For me, I think this summarizes it all. For our FY27 expectations, net new ARR growth, year-over-year, 20% plus, non-GAAP operating margin, 24% plus, free cash flow margin, 30% plus. Really happy to be able to present that information. It started with acceleration in 2Q26. Then it went into what I’m talking about, the acceleration in the back half of FY26. Now continuing with our strong momentum, our growth opportunities, our margin expansion initiatives into FY27.

In that same vein of more transparency, trying to give you more information about insights into our business, I’m going to give, or we’re going to give formal FY27 ARR guidance at the end of 4Q26 earnings. I’ve never done that before. I’m excited to be able to talk to us being able to give you even more. You like that one? I know, thumbs up. We’re trying to also do all the other things that we’ve been trying to be transparent about. This is just another example of how we’re trying to be more transparent with everybody who’s following CrowdStrike. All right. Let’s shift a little bit to achieving the target model. Let’s look even further into the future. I’m going to talk about our FY29 target model.

When we announced the target model two years ago back at Falcon, we were really thoughtful about how each of the different pieces play to get to that $10 billion. Now we’re talking about $20 billion. It really starts with gross margin. I think one of the things I’m most proud about of being a CFO at CrowdStrike is our journey with gross margin. When I first started, gross margin was around 30%. Today we’re over 80%. It’s a journey with my partners in the business, whether it’s Mike, George, the whole group, to be able to get and achieve these numbers. It was a journey. We were successful at it. For us to be above 80% non-GAAP subscription gross margin, that’s a big deal, especially from where we came from. We think about the last 12 months of the margin dynamics, a lot of things have happened, right?

The last 12 months, as you all know, we were focused on retaining our customers. That was mission number one. We gave out some CCP and related partner rebates. We had a lot of upfront investments in platform resilience. We had upfront investments in international expansion. Those were some of the headwinds that we were up against in terms of our gross margin. Some of it was countered by some of the benefits. The data center investments we’ve been making are paying off. Our economies of scale. The leveraged use of lower cost geographies. We were able to leverage moving some of our data with AWS, which is a great partner of ours, from West 1 to West 2. An efficient use of compute and storage. That’s helped us to be able to maintain that 80% gross margin on a non-GAAP basis for our subscription revenue. It doesn’t stop there.

I had sights of a bigger gross margin, and I want to share with you how I think about it and how we can get to our target model, which is 82% to 85% FY2029. Let’s think about number one, migrations and optimization. We still have a tremendous amount of room for migrations to our own data centers and optimizing within our own data centers. There are many ways we can do that. I think about the multiple data stores that we have. Being able to consolidate the multiple data stores is going to reduce cost. The continued work that we’re doing with migrations, that’s going to help reduce costs. Economies of scale. We’re a lot bigger than we were two years ago. We’re a lot bigger than last year. We have more leverage. This is going to translate into more cost savings for us. Strategic use of AI.

We’ve been talking about AI all day, all week, really. We use it ourselves, right? We think about the efficiencies that we can gain in bending the hiring curve, right? We think that there are opportunities to go into each one of our departments, certainly the ones that impact gross margin, and say, hey, look, we’ve got tools. We have AI tools that can help you reduce your cost, your need for hiring more and more folks. We’re trying to break that mold. We’re trying to figure out a way to do it more effectively, more efficiently. This is one of them, use of AI, right? You heard Mike talk about the AI agents that can help reduce time to get tasks done. Automation. This is like one of my favorite words, automation, because I think reduction of dollars, automation. Let’s go, right? Onum. Owning the data in motion.

We talked about the detections that take place within Onum before it even gets to our Next-Gen SIEM. That helps reduce costs, right? All of these things give me a lot of confidence in being able to talk about hitting our long-term model for gross margin in FY2029. Here’s what the model looks like. As you remember, we talked about subscription gross margin. We’ve already been able to hit our long-term target models for sales, marketing, R&D, and G&A. We talked about our operating margin, where we’re going next year, you know, 24% as a minimum. We talked about our free cash flow percentage being, you know, greater than 30% next year. We are on our path, on our way on our path to get to our long-term model. I feel really comfortable and confident about being able to achieve these targets.

For me, I think about all the big deals that we’re doing, and you’ve heard about some of them on stage here in terms of with our customers and what Flex does. Flex is a big momentum gainer for a lot of these things. I envision a world, and I’m sure George does too, and we talk about it, where we only have a Flex license, right? That’s the one, right? We’re not quite there yet. You can see with the momentum and the success that we’re having with Flex, that that’s a path that we would like to go down. For us, that drives a lot of this model, the efficiencies that we’re able to gain. We are now wildly focused on the path to $20 billion in ending ARR. You’ve seen this slide.

I remember in FY22, when we talked about hitting, you know, the $5 billion, you know, by FY26. I’ve already told everybody on the earnings call that we’re going to be there. We’re almost there right now. Back then, that was a bold statement. Back then, it was, you know, we didn’t know all the things that we know today, but we’re going to achieve it. Then we talked about hitting $10 billion in FY31. Then we talked about $20 billion in the future, and you can see why. Agentic SOC, a big piece to get to the $10 billion. You’ve got the agentic everywhere to get to the $20 billion. Those numbers that George was putting up, we had a lot of thought that went into those numbers. Right?

We feel that there’s such a great opportunity right here, right now for us to take advantage of, by the way, all the work that we’ve been doing for years. That’s what gives us confidence about talking about the $20 billion. A little more insight. Two years ago, we showed you this slide. Two years ago, we showed you what we thought we’d be able to do with respect to each of these businesses. Then we showed you the TAM that we thought was there for calendar year 2028. Here’s what we think today. Adding Pangea to Cloud. Adding Privileged Access and Shield to Next-Gen Identity and Onum to Next-Gen SIEM. That TAM on Next-Gen SIEM tripled from the previous slide. You can see that we’re thinking about this, I think, the right way in terms of how each of these businesses can grow.

We also have significant new logo runway in global enterprise and SMB. This also gives me a lot of confidence. Look at the headroom. For the estimated logo penetration in the global 2000s, we’re still under 40%. Estimated logo penetration in the public sector, less than 2%. Estimated logo penetration in companies that have 5 to 250 employees, less than 1%. Globally, there are over 50 million of these businesses. We have a tremendous opportunity with respect to that. Finally, our estimated logo penetration in companies, 251 to 7,499, roughly 7%. When I think about how much headroom we have in each one of these things, I get excited. There’s a lot of opportunity for us. There’s also a geographic opportunity. You can see what our international TAM opportunity is at $139 billion. We’ve been hovering around 67% of our business and revenue in the U.S.

and 33% of the rest of the world for quite some time. It’s not because the rest of the world has been doing badly. It’s just that our Americas have been doing really, really well. George and I often talk about the fact that we’d love to be able to see this more like 50-50. We think there’s a great opportunity in the rest of the world. We’re making investments in the rest of the world, and we think we have a real opportunity to go grab a bunch more of that $139 billion.

Burt Podbere, Chief Financial Officer, CrowdStrike: In calendar year 2030, expansion opportunity within our base. Existing modules within our customer base. We’ve got $4.7 billion to work with. Guess what? If you just had those customers and you extended them through our Flex, and they draw down all of our modules, guess what? There’s an opportunity of an additional $20.6 billion. That’s a great opportunity for our install base. You could see how I think about things. Total install base opportunity as of FY2026 is pretty damn big. I get excited with new logo, and I get excited with expanding in the base. I get excited by both. We can reach our goal of $20 billion with only the install base we have today. We had two partners up here. You heard them talk about building their businesses around us. You can see here that 90+ of our businesses each have a $50 million business.

You can see 200 of our businesses each with $20 million of business. That’s just in CrowdStrike business. This is incredible. You’ve got 370 partners transacted Flex deals. You’ve got 675 partners that doubled their business with us. I mean, these opportunities are real. Dave and Bill, they came up here because they see a huge opportunity with us, and they think that they can make tremendous strides within their own companies using us. Our partners are ramping with Flex, with hundreds of partners transacting Flex deals. When you think about our partners and you tie it back to what I talked about earlier, and I talked about how the opportunity is in front of us, I think that all of you see the same thing that I do.

We all see this incredible opportunity for us to go after that $20 billion and being able to leverage our entire partner community. I think we have one of the best partner communities out there. When I think about the path to $20 billion, and I think about calendar year 2030 opportunity zones, we’ve talked about a whole bunch of them today, right? We talked about the $139 billion in international. We talked about the Next-Gen SIEM TAM of $48 billion, and so on and so forth. Each one of those is exciting, right? When you think about securing AI and the $90 billion opportunity, I think we were conservative there. It’s a real opportunity for us. I’ve been at the company 10 years, and never in my 10 years have I been more excited about the opportunities that we have in front of us.

Listening to George and Mike today, and listening to our customers and our partners and how excited they are, I feel that we’re in that pole position to be able to be, you know, the cybersecurity company. I think that with all these opportunities, I think you’re getting the message that we feel really good about talking about $20 billion in FY2036. You know, for us, and I’ll leave you with this, you know, we really pride ourselves in the customer-first mentality, right? From innovating with Flex to all the innovations that Mike has brought to the table, to George’s ultimate vision about how he thinks about data and how he thinks about data being the answer to solving security problems. We’re delivering on all of it.

Now we have this opportunity to go out and showcase, you know, all the different products and technologies that we’ve come out here at Falcon 25 and get everybody excited, our customers excited about what we have down the roadmap. I know that’s a lot to digest. For us, we’ve never been more proud of who we are today. Now, we reached that point where we’ve all been waiting for all your Q&A. With that, thank you. Thank you for your time today. I’m going to ask George, Mike, and DB to come up on stage, and we’ll field some of your Q&A. Now, don’t worry. If I don’t get to you, I’ll be hanging around a little bit later so that you can ask me questions, you know, one-on-one if you so desire. With that, George, let’s get the chairs up here, and let’s start the Q&A session.

All right. Gabrielle, I love it, right? Before we’re even up here, you’re asking a question. Yeah. All right. As promised, we’re bringing back George, Mike, and DB back to the stage. Let’s get, you had your hand up first, Gabriella, before we went on stage. Why don’t we start with you? Why don’t you let us know your, both Gabriella and where you’re from?

Daniel Bernard, Chief Business Officer, CrowdStrike: Hi, Gabriella Bortes-Goldman Sachs. I tried to time the hand for the spotlight, and I think it worked perfectly. Thank you for taking the question. I really appreciate all the detail you shared today. I think this is for Mike and Burt. The $90 billion AI TAM, coupled with all the technical slides that you showed on addressing infrastructure, app layout, all that good stuff, maybe just break it down for us, the monetization model for agents in particular, because the cost per agent won’t be the same as a cost per human. Just a little bit more about how you think about that $90 billion, the pricing model, and isn’t some of that going to be embedded in some of those other product categories like identity and AI SIEM?

Rob Duhart, CISO, Oracle Cloud Infrastructure: Sure. We announced seven agents at the conference. There are significantly more AI agents in the conference. There are significantly more that we’re building that are going to be coming between now and the end of the year, and that’s just the start. To answer your question, some of those AI agents are part of existing modules. Some of them are part of Charlotte, and some of them that we’re building that are new may well be new modules themselves. Some of them are going to help drive sales in modules and adoption of new modules. Some of them are going to make the migration to Next-Gen SIEM a lot better, easier. Some of them are going to be net new that we have. They’re all different depending on what they solve.

Burt Podbere, Chief Financial Officer, CrowdStrike: I think to your point, though, is if you look at protecting a human, you know, with an agent, a sensor, that price point is going to be a little different than protecting an AI agent. If you have 10,000 people in a company versus a million agents, you’re going to have a bit of a different price point, but you’re going to have a lot of agents, you know, ephemeral agents. They come and go. Some might be, you know, permanent. I think, you know, we have to work through the monetization. What I really wanted to reinforce is the fact that all those agents are going to need protection, but they are going to be at a different price point. It’s still a huge market opportunity, as you saw with the TAM on the screen. We work through that.

We have the ability to monetize agents themselves, and then we have the ability to monetize, like, the agents we provide, right? We have the ability to monetize the protection of all other agents that are out there from other companies, right? With the guard railing, with the AIDR, with the identity protection, et cetera. Those will be different price points based upon the agents.

Yeah, we’ve seen, you know, we’re watching closely, the world and how they’re pricing. Today we see, you know, sort of hybrid models. We see, you know, based on, you know, either seats or usage, and we’re just watching closely. It’ll evolve.

Yeah.

For what, seven years, Sackett? I’ve seen you sit in that exact same seat for seven years.

Has he left from Agile? Okay, front row seat.

Thank you. Sackett Kelly from Barclays. Thanks very much for the session. Great customer panels, by the way. I want to dig into the Next-Gen SIEM opportunity or agentic SOC because it feels like the velocity of displacements there are picking up. It’s also, I think, one of your fastest growing products at scale. George, maybe the question is for you. You’ve drawn parallels back to endpoint, right, with that market. I think one of the really interesting dynamics back then was that while disrupting the endpoint market, we actually expanded it, right, while doing that. The question to ask is, can the same thing happen with SIEM? Can that market expand as it gets disrupted, as you are disrupting it? Do you feel like you stand out? Clearly, you stand out very much versus legacy SIEM providers.

What about some of the other ones that are trying to disrupt SIEM as well? There’s a lot there. Does that make sense?

Yeah, I’ll tag team it with Mike. I think that’s right. We’ve disrupted that market, and it has expanded. It’s expanded because it kind of gets back to my point earlier on. Data is really the fuel that helps solve security problems that are out there. We’ve just generated more data. From a technology perspective, we’ve generated more data. From a security perspective, the more you have, the more outcomes you can actually provide. I think when we look at where we are today, you’re going to see more data be generated. If you look at the telemetry coming out of some of these big pods and some of the frontier model developers, it’s incredible. The amount of compute, the amount of digital exhaust, it’s crazy what you have to look at.

That’s great, but then you also have the ability with Onum to be able to kind of pack that and help them save some money, but also take a greater share of wallet into the CrowdStrike pocket. Overall, I think the market’s going to grow. One of the things that we did, maybe just back to the earlier part of your question, when we displaced the existing legacy AV market, the first thing we did was we didn’t go out and say, just throw away what you had. We said, why don’t you just run us in parallel, right? All of a sudden, everybody’s like, geez, that’s better, right? We have the ability to, sure, we’re displacing. You heard all the big customers. We have the ability to run in parallel, particularly with Onum.

You just split the data, keep going where you’re going with your old SIEM, and we’ll just take everything over in ours, and at some point, you’re going to turn the old one off. Before you know it, people are going to say the same thing. That, and they have already, that’s better than what I have. I don’t need that anymore. It really is a great strategy there.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Yeah, and you saw the numbers that we showed earlier in terms of where we are. People aren’t going from a legacy SIEM and moving to CrowdStrike without testing the other alternatives in that space. We’re competing against everybody in the area. People are obviously looking at their existing products and seeing what the next generation is going to be as well. We’re competing against the incumbent. We’re competing against the other vendors that are saying they’re disrupting the space. I’ll talk one example of one of the big wins that we had last quarter, one of the big deals for the quarter. They were testing Palo for six months to move off Splunk. It didn’t go well. We came in, we did our entire evaluation, and we hit all the criteria and won the deal in two weeks. Six months, two weeks.

Burt Podbere, Chief Financial Officer, CrowdStrike: Bill’s doing the Next-Gen SIEM transformation.

I’ll try to make my way from this end of the room to this one. Yes, Catherine.

The global question is Catherine from the examples one. So you.

Give her the mic.

Okay. Yeah. You spoke a lot about OneSystem, and I’d like you to compare it to Palo’s four platforms, but could you go into the detail on your pricing strategy versus theirs and your architect and why you feel you’re more competitive? Thank you.

Let me start. I’ll give it to Mike. You know, when I started the company, what did I see? I saw Salesforce, ServiceNow, Workday, nothing in security. No platform company in security. It wasn’t any of the companies you mentioned. It was nothing there. We helped create that. When you look across those, it’s one platform. Like ServiceNow is a great example. You know, you look at what they’ve done and where they came from. They got one platform, right? I just use them. You can go through anyone else you want. That’s what customers want. They don’t want a context switch between different things. They don’t want things stitched together. You know what platform has become? It’s become the new buzzword for point product. If you have four things, you put them together, they’re really four point products.

You just slap a platform label on it and go, they’re four platforms. Customers want one. They want it fully integrated. The problem, you know, why doesn’t everyone have one? It’s really hard. You have to have the right architecture. It’s really hard when you buy big things and you keep buying them to just jam them together and make one. Mike and I know from our prior employer, we bought a lot of stuff. It was really hard to put together, which is why we’re so diligent in like, this is the company we want. This is the team we want. We know we can get that tech integrated. That’s part of our brand promise. Mike, other comments there?

Rob Duhart, CISO, Oracle Cloud Infrastructure: Yeah, for sure. I mean, look, from a technology perspective, nothing says security like needing a treasure map to find your tools. You know, that’s the reality of having lots of platforms. When you are dealing with an issue and you need to go to all different screens and different systems, you fail. When you need to be the systems integrator to deploy all the products and you’re not Bill and David earlier, that’s cost, that’s complexity, and it just, we find organizations just can’t deal with that. It’s hard to get the products out. They never get deployed. They never integrate correctly. Inevitably, you bring in another product. You mentioned Palo. They’re bringing tools to try to stitch it all together. Over time, that just becomes really, really expensive. To George’s point, we think we don’t want to be a holding company for technology.

We want the technology to effectively help all of the other modules be better. Use the data, collect it once. It’s easier to deploy. It’s cheaper to operationalize. We just know you heard from two amazing customers. They’re basically saying, our jobs are secure because we get security from CrowdStrike. I think multiple platforms, you just can’t say the same thing.

Burt Podbere, Chief Financial Officer, CrowdStrike: You have a common data layer. Getting back to Mike’s point, you collect once, you reuse many. You could see the gross margin that Burt talked about. Every time we add a new module, it’s almost, you know, pure gross margin. Once you have that data fabric in place, which, by the way, is hard, and we spend a lot of time doing that, it unlocks all the other value. You heard it from, you know, our customers. They said, hey, we had all these different SIEM and all these different tools that we had to go hunting around for. Just in the proof of concept, they basically had all the answers they needed from our Next-Gen SIEM because of the data foundation and the architecture.

Right. We’ll kind of work our way through this way. Why don’t you go ahead, Brian?

Hi, good afternoon. Brian Essex from JPMorgan. I remember asking a threat intelligence expert at a well-known threat intelligence company. You’ve got these different vendors coming at the SIEM market from different angles. You’ve got endpoint vendors, and you’ve got network security vendors. Which one’s the most important? He said, endpoint, no question. Having that native integration with telemetry at the endpoint is critical for the most valuable, you know, next-gen SIEM platform. As you look at the agentic opportunity ahead of you, which variables do you consider the most critical for the success and to establish, you know, CrowdStrike as a winner in that market? I think you hit the nail on the head. When you look at the types of data that’s out there, all data is not created equal. I’ve said this for many years.

The fidelity at which we see on the endpoint is well beyond anything you’ve ever seen in the network. Period. We have one of the largest agent footprints in the world for security. Period. When you look at that fidelity, we can tell what the user did. We understand the identity, I mean, down to the process, almost to the thread level of when something happens. All that very rich telemetry gives us an idea of what’s happening. It has set up the foundation for all these other modules that we’ve been able to monetize. We have to apply the same set of principles into an AI agent, right? Because, as I said, it’s going to have identity. It’s going to touch data. It’s going to talk to other systems, other agents that talk to other agents that talk to an MCP server, right?

You have to have visibility through that entire chain, that entire pipeline. You have to put guardrails around it, but you actually have to, like, through the process, understand what’s happening. Because if something breaks, you know, you’re in a large financial institution. If something breaks, they can’t go, "I don’t know." You go back to the regulators, "I don’t know." That’s not going to work, right? You got to go, "This is what happened. Here’s how it all operates. Here’s how we’ve introspected it." We have the deep expertise in that area. We’ve got the guardrailing and the protection around it. That’s the way I would look at it. If you believe in what we built for the human, we take those principles and, you know, a lot of technology is already built.

Take Pangea, and we are in the perfect position to be able to protect all those AI agents with the market opportunity that I showed you.

Roger?

Awesome. Thank you. Roger Burt with UBS. On Pangea, we’ve seen a lot of M&A in this AI runtime security space. George, you talked about what separates Pangea when you acquired it, as well as your right to win in that market. I guess it still feels like we’re kind of in the early days there across all these acquisitions. There’s not a ton of revenue. How do you see that market picking up? What triggers that adoption? I know you mentioned compliance earlier. Is it that simple, or how do you see customers picking up that space?

Yeah, I mean, it’s a fair comment. There’s a lot of players that are out there, actually too many. That’s why they’re all getting bought. What wins in this market is going to be the platform. You know, Oliver is the CEO of Pangea. I said I knew the guy for 30+ years, five different companies, whatever he’s done. He knows his way around. He’s overwhelmed this week at Falcon with customers going, "We got to demo this. We got to see it. We got to..." As soon as it hits the platform, as soon as it hits our distribution, as soon as it hits our partner network, it takes off, right? These are things that this is not another agent, right? It makes it a lot easier for us to integrate it, and they have all the right underpinnings for it. The integration will go smooth.

As soon as it hits the platform, it takes off. The thing that we like about them and what we thought was differentiated is you have a lot of companies. What do they do? They have five guys, a dog in a garage. They connect to a bunch of APIs. They put a nice UI on it, and they call it good, and they want to sell it. That doesn’t always work. If you look at what Oliver and team did, they actually built technology for the developers as well. They’re covering the developer community, which is really important, as well as the runtime piece. This, I think, really makes them stand out from all the other players that are out there.

Good.

Want my brain too?

Yeah, right here.

Thanks. Janey to the Getria Securities. George, Mike. How do you see Charlotte AI Agentic Workflows and things like Fusion and Foundry enabling CrowdStrike to, you know, go beyond just core cybersecurity and delving further into IT use cases? Do you see that potentially accelerating displacing some of these legacy vendors in IT and observability?

Yeah, it’s a good question. We get asked all the time, like, so you do all this for security. What about outside of security? Some of the things that we’ve talked about is, you know, the ability to get data from IT systems or observability data, health data. We do that now. We have this data. We have a lot of customers that are using it for security, for use cases beyond security. I think that’s really important. As we go further and further into the DevOps and the SecOps community, as well as IT and the CIO, we have more and more use cases. I’ll take a great example, Onum. Today, we talked a lot about Next-Gen SIEM and the pipeline and those sort of things. Guess what? You can do any data. They have plenty of customers that don’t even use security use cases.

They’re using it for pipeline data, right, of just log data wherever you want it. I think when you look at the opportunity, Onum also gives us entrée and the right to win in markets other than just core security, right? When you can own the data fabric within a company and how I call it the railroad tracks, you know, from one depot to the other, that’s an incredibly valuable piece. We can go into a large company and we can say, "Hey, all of your data moves around. It’s costing you a lot of money. You’re spending it with a whole bunch of multiple vendors. We can save a ton of money and consolidate there. Some of it you’ll put with us. Some of it you may put with some other folks that do different things. Great." Falcon for IT.

We are doing big displacements of some of the IT competitors that are out there because it’s all integrated, works. Mike talked about now the patching piece, which was an element that we just added. I think we’re in a great spot to go into adjacencies that make sense for us. We’re never going to go do things that are too far afield. If it has to do with data, if it has to do with kind of IT and, you know, AI and those sort of things that relate to what we believe we’re good at, we’ll enter that market. You’ve seen us do that over time.

Continuing on this trend, Andy.

Thanks, Andy Nowinski, Wells Fargo. You guys have had so much success with Falcon Flex. The two customer panels today, I think, both did a great job highlighting how much more they’re spending when they move to the Flex program. You only have 1,000 customers out of 75,000 organizations, I think, or 74,000 that you’re protecting. Yet they’re generating about 20% of your ARR. I’m wondering, how do you drive more customers to Flex? That seems to be the key to reaching your $20 billion ARR target you put out. As a quick follow-up to that, does M&A have to play a bigger role at CrowdStrike to get to that $20 billion?

Let me handle the Flex, and then we could talk about the other two pieces, really, Flex and M&A. On the Flex side, I think, as Mike mentioned, Burt and myself, we’ve said it for a while. The world of a Flex-only license model is not very far away. I will just say that. I keep telegraphing to people that it’s not that far away, right? It is the right model for customers. You heard the two customers. You saw the journey, and the numbers, you know, equate to what they actually said. That’s the way we’re going to get there. We were able to accelerate that a bit over the last year with CCP and those sort of things. Now there’s a natural renewal cycle that’s happening. As customers are buying more, every time they buy another module, it’s an opportunity.

It’s a touchpoint for us to go, "Okay, we need to move you to a Flex." That’s how we do that with the existing customer base. In terms of how do we get to the other $20 billion, you guys can.

Yeah, first off, I’ll start. We think about being opportunistic in our M&A, right? We talked about how we think about it. Great people, great tech. We’re never going to stop doing that, Andy. We’re going to go after looking for great people. We’re going to be looking for great tech. George mentioned that if there’s a bigger deal that is out there that makes sense to us, sure, we would look at that too. We’re always scouring the world. It’s actually Mike. Mike and his team were scouring the world to find great tech like Pangea and great tech and great people like Onum as well. Maybe you want to.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Yeah. I’ll go back to the Flex comment, Andy, because I think it’s super important. It just takes a little bit of time to train your field. It’s a different selling motion. We have to train the team on how to have the conversation, how to build the demand plans. You know, we rolled it out here in the U.S. You start, you have to take it locally. Then partnering with DB and his team, you got to train your partners. You got to enable your partners. Here’s the thing. Momentum is a wonderful thing. When a couple of salespeople start getting a bit of success, their friend on the left and the right, they want to do the same thing. Partners, you heard before, they’re starting to get their head around what Flex means. I think we’ve now got momentum in the industry. George said it really well.

People aren’t even bothering to come up with naming conventions. They just call it Flex. Customers are now pulling. They’re basically saying, "Hey, what’s my Flex contract?" We had two customer advisory boards this week, and customers are saying, "Will this be in Flex?" The amount of people that have said to me, "Onum’s part of Flex, right? Pangea is part of Flex." We’re like, "Yeah, absolutely. Pangea hasn’t closed yet, but Onum has closed. It’s part of Flex." That will come very, very quickly. To George’s point, when we’re telling our field, "Lend Flex," because you’re going to go to the pricing book. It’s going to be really thin, and it’s going to be simple, and it’s going to be a page on Flex. That’s kind of what we’re enabling everybody on.

Burt Podbere, Chief Financial Officer, CrowdStrike: We have echoed that to the partner base. Monday was partner symposium, 1,200 partners in the room, 20% more than last year. Flex, Flex, Flex. George was there to say the same thing.

I’ll invoke MC privilege at this point and address a question that a lot of you have been asking for quite some time, and it has to do with what’s been called core, right? For us, we get that question quite a bit, and I thought it was a great opportunity to just talk a little bit about it. First of all, we don’t see the—George and I and Mike have been talking about this forever, about the fact that, you know, we don’t see it that way, core and emerging products. We think about it as platform. It’s a platform sell. It starts by the fact that when we think about platform, some of our earlier modules, you’re needing some of them to do some of the later. You need some of them to make the other ones work. It could be, pick one, exposure management or identity.

You actually need that to work to make the other ones work. It’s very difficult to decouple it because it doesn’t actually make sense. I’ll leave you with three points or four points. One is when we think about, and when we think about the platform sale and you think about what we went through the last 12 months, the last 12 months was all about retaining our customers. We’ve given out a lot of stats about how many modules our customers adopt. 48% for six, 32% for seven, and 22% for eight. Those first five that we didn’t give out, those are some of those earlier margins. We talk earlier days about the big three, which is detection, prevention, and OverWatch. All those customers that we were talking about that we needed to retain, they’ve got those for the most part, right?

We were focused on keeping those customers, right? That’s number one. Number two, we’re still less than 20% penetration in the legacy EDR market, right? In modern endpoint, the 20%, less than 20%, we have this huge opportunity to go after the legacy EDR players. They’re all over the world. We have this huge opportunity to go after that, not to mention the remaining pieces that are owned by the so-called next-gen EDR players, which we’re taking share from them too. We have a huge opportunity to continue the penetration. Third, we think about being able to enter a customer’s environment in things other than EDR, Next-Gen SIEM or identity. It’s a huge opportunity for...

Shield.

Shield. These are Onum, you know, with Next-Gen SIEM. We have this opportunity to penetrate a customer’s environment with things other than EDR. It really starts to not make a whole lot of sense to be thinking about core versus non-core. It’s the platform. Finally, when I think about the first two things I talked about with respect to the last 12 months and respect to less than 20% penetration into the modern EDR, you think about this opportunity for us to look at where we were pre the outage, right? We have this opportunity to go after all these new logos and, you know, have, you know, think about, you know, where we were then and all the things that we can do to go on that path, right? For us, you know, I said it on stage before, the opportunity to go after new logos, great.

We’re really excited about, you know, the slide that I showed you in terms of where we are with penetration. I’m also really excited about that white space slide that I showed you guys. To get to the $20 billion, you know, we can get there without new logos, right? I get excited about those. I just wanted to put a finer point on how we think about our business. Maybe I’ll pass.

I think one, I’m going to pass it to DB, but one of the ones in terms of the new logos is what we did with Amazon Prime. I’m not sure if it, you know, went under the radar for everybody.

Yeah, just about two weeks ago, we announced it. We did a deal with Amazon. They have a service called Amazon Business Prime. You might know what Amazon Prime is, but for businesses, it’s called Amazon Business Prime. Included in the membership is Falcon Go. It’s our point and click, instant deploy, AV replacer for a massively underserved market. Already thousands of these have been redeemed. I mean, it’s awesome. We were able to monetize that with Amazon. It just proves the power of the partnerships we have and these partners wanting to take us to market. Look at Amazon, you know, largest hyperscaler in the world. We’re the security they want every small and medium business to have.

Yeah, I mean, they only get some, and obviously the idea is they’re going to buy more.

It’s an on-ramp, and then we’re going to do what we do, land and expand.

Exactly. Perfect.

Hopefully that was, you know, helpful for everybody. Let’s continue down the path. I see you next, Greg, so go ahead. Don’t worry, I’m staying behind. I’ll be there for you guys if I don’t get you.

Hi, it’s Greg Moskowitz from Mizuho. George, you mentioned earlier that you expect there’ll be $150 billion AI assets that will need to be managed. Today, you know, we’re hearing about agentic AI starting to take hold in pockets of the world, but AI security hasn’t been deployed much yet. This includes security, copilot, and workflow technology, which I would say the industry has yet to really monetize, even though you’re clearly in a relatively strong position with Charlotte AI, right? With that said, my question from an AI security monetization standpoint is, when will the floodgates open?

It’s a good question, the fact that when you look at AI itself, you know, a lot of people were, you have ChatGPT that comes out. You have the ChatGPT moment. Everybody’s like, "Okay, how do we use it?" You have this big explosion. People are like, "Okay, we can’t let everybody use it." They kind of build their own policies and guards. It’s pretty, it’s almost caveman what some of the companies are doing, to be honest with you. You have that piece. Then you have the, how do you leverage AI within your own business to make it, you know, to sell it or make it more efficient? I think as you see the adoption of AI agents, let me just start there, across different platforms, not CrowdStrike, but AI agents, they’re going to all need to have protection.

When that adoption goes up, and you heard me talk about sort of the hype and then the trough of disillusionment, and then, you know, everybody sort of optimized it. That’s really where you’re going to see a bunch of money be made. When people focus their use cases on what they can really save money and time and effort and flatten the hiring curve, they’re all going to need protection. With respect to, so that’s sort of the protecting the AI agents as they get deployed in production. The second part of your question was, what about Charlotte? We went through Charlotte as a little baby all the way to teenage years now, or beyond. Look at the innovation that we’ve driven in the platform. Look at what it can do. You heard, who was it? Tom? 6,000 hours? One of them was 6,000 hours.

6,000 hours, Tom.

Tom, 6,000 hours. I mean, now you’re starting to see it be realized. Now we have the ability to monetize these different AI agents as well. Some of them are with modules, but you can almost think of like another platform play with agents where you can then start monetizing all the agents within their subcategory. It is all to be seen. Again, we’re sort of a product too of how the AI adoption goes within the industry. We will be there to secure it, and we will be there to monetize it.

Rob Duhart, CISO, Oracle Cloud Infrastructure: I think one thing to add is you’re one significant cyber attack away from seeing people focus really quickly. Agents are now talking to agents. You can have a situation where these agents are accessing your calendar, they’re accessing business systems. When you are in a chat session with a very basic agent, it talks to other agents that kicks off workflow in the organization. Adversaries are working out how to use those in an offensive way. When we see something significant, you’re going to see that take off.

With that, I see the time ran out, and I know that all of you want George, Mike, and DB to be back with our customers and do what they do best. On behalf of George, Mike, DB, and myself, we want to thank you all for coming. We hope this was insightful, and I’m here to ask field questions after this is over. Thank you all very much.

Burt Podbere, Chief Financial Officer, CrowdStrike: Thank you.

Rob Duhart, CISO, Oracle Cloud Infrastructure: Thanks.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.

Latest comments

Install Our App
Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers
© 2007-2025 - Fusion Media Limited. All Rights Reserved.