 Welcome back to theCUBE's coverage of Falcon 22. I'm Dave Vellante with Dave Nicholson. This is day one of our coverage. We had the big keynotes this morning. Derek Jeter was one of the keynotes. We have a big Yankee fan here, George Kurtz, is the co-founder and CEO of CrowdStrike. George, thanks for coming on theCUBE. It's great to be here. Boston fan, you know, I tweeted out Derek Jeter. He broke my heart many times, but I can't hate on Jeter. You got to have respect for the guy. Well, I still remember I was in Japan when Boston was down by three games and came back to win. So I've got my own heartbreak as well. It did heal some wounds, but it almost changed the rivalry, you know? I mean, once it's kind of neutralized it, you know, it's just not as interesting. I mean, I'm a season ticket holder. I go to all the games and Yankee games are great. A lot of, it used to be, you would never walk into Fenway Park with pinstripes. And today, there's as many Yankee fans as there are Boston fans. Anyway, at Fenway, I mean, why did you start CrowdStrike? Biggest thing for me was to really change the game in how people were looking at security. And at my previous company, I think a lot of people were buying security and not getting the outcome that they wanted. I got acquired by a company, not my first company. So to be clear, and before I started CrowdStrike, I was in the antivirus world. And they were spending a lot of money with antivirus vendors, but not getting the outcome I thought they should achieve, which is to stop the breach, not just stop malware. And for me, security should be outcome-based, not sort of product-based. And the biggest thing for us was, how could we create the Salesforce of security that was focused on getting the right outcome, stopping the breach? And the premise, I've seen it. The unstoppable breach is a myth. CISOs don't live by that mantra, but you do. How are you doing on that journey? 
Well, I think, look, there's no 100% of anything in security, but what we've done is really created a platform that's focused on identifying and stopping breaches, as well as now extending that out into helping IT identify assets and their hygiene and basically providing more visibility into IT assets. So we talked about the convergence of that, maybe we'll get into it, but we're doing pretty well. And from our standpoint, we've got a lot of customers, almost 20,000 that rely on us day to day to help stop the breach. Well, and when you dig into the CrowdStrike architecture, what's so fascinating is, Dave, we've talked about this agent, bad. Well, not necessarily. If you can have a lightweight agent that can scale and support a number of modules, then you can consolidate all these point tools out there. You talked about in your keynote, your pillars, workloads, which really endpoints, ID, which we're going to talk about, identity data and network security. You're not a network security specialist, but the other three, you're knocking down. You guys went deep into that today. Talk about that. We did. Most folks are going to know us for endpoint and cloud workload protection and visibility. We did an acquisition almost two years to the day on Preempt, and that was our identity play, identity threat protection and detection. And that really turned out to be a smart move because it's the hottest topic right now. If you look at all the breaches over the last couple years, it's all identity-based. Big talking points in our keynotes today. And then the third area is on data, and data is really the new currency that people trade in. So how do you identify and protect endpoints and workloads? How do you tie that together with identity as well as understanding how you connect the dots and the data and where data flows? And that's really been our focus, and we continue to deliver on that for customers. And you've had a real dogma, I'll call it, about cloud native. 
I've had this conversation with Frank Slootman. No, we're not going to do a halfway house. You, I think, said it really well today. I think it was you. You said if you've got on-prem and cloud, you've got two code bases that you've got to maintain. That's it, yeah. And that means you're taking away resources from one or the other. That's exactly right. And what a lot of our competitors have done is they started on-prem as an AV vendor, and then they took what they had and they basically put it in a cloud instance called a cloud, which doesn't really scale. And then where they need to, they basically still keep their on-prem and that just diffuses your engineering team and most of the on-prem stuff doesn't even have the features of what they're trying to offer from the cloud. So either you're cloud native or you're not, you can't be halfway. But it doesn't mean that you can't include and ingest on-prem data into your platform. And that's what I think most people, just for some reason, don't seem to understand. Well, our agents run wherever. They certainly run on-prem and they run in the cloud, they run wherever. But the crowd in CrowdStrike is the fact that we can crowdsource this threat information at scale into our threat graph, which gives us unique insight, seven trillion events per week. And you can't do that if you're not cloud native. And that crowd gives the, we call it community immunity. We see all kinds of attacks across 176 different countries; that benefit accrues to all of our customers. But how do you envision and maintain and preserve a lightweight agent that can support so many modules as you do more acquisitions and you knock down new areas and bring in new functionality, go after things like operations technology. How is it that you're able to keep that agent lightweight? Well, we started as a platform company, meaning that the whole idea was, we're going to build a lightweight agent that at first iteration had no security capabilities. 
It was collect data, get it into a common data architecture, our threat graph in one spot. And then once we had the data, then we applied AI to it and we created different workflows. So the first incarnation was, get data into the cloud at scale. And that still holds true today. So if you think about why we can actually have all these different modules without an impact on the performance is we collect data one time. It's a threat data. You know, we're not collecting user data, but threat data collection mechanism. Once we have all that data, then we can slice and dice and create other modules. So the new modules never have to even touch the agent because we've already collected the data. I'm going to just keep going, Dave. Unless you shut your way in. No, no, no, no. I'm waiting to count. But George, I need to ask you about a comment that you made about, we're not just shoving it into a data lake, but you are collecting all the data. Can you explain that nuance? So there's a difference between a collecting forward agent. It means they just collect a bunch of data, they'll probably store it in a lot of space on the endpoint. It's slow and cumbersome and then they'll forward it up into another data lake. So you have no context going into no context. Our agent is a smart agent which actually allows us to always track the context of all these processes and what's happening on the endpoint. And it's a mini graph, meaning we keep track of the relationships. And as we ship that contextual information to the cloud, we never lose that context. And then it goes into the bigger graph database always with the same level of context. So we keep the context of each individual workload or endpoint. And then across the cloud, we have the context of all of those put together. It's massive. And that allows us to create different insights rather than a data lake, which is you're creating a bigger needle stack looking for needles. 
And I'm envisioning almost an index that is super, super fast. I mean, you're talking about sub second, kind of near real time responses, correct? Absolutely. So a lot of what we do in terms of protection is already pushed down to the endpoint because it has intelligence and AI model. And then again, the cloud is always looking for different anomalies, not only on each individual endpoint or workload, but across the entire spectrum of our customer base. And that's all real time. It continually self-learns from all the data we collect. Go Dave, jump in. Yeah, when you've made these architectural decisions over time, there was a time when saying that you needed to run an agent could be a deal-killer somewhere for people who argued against that. You've made the right decision there, clearly. Having everything be crowdsourced into cloud makes perfect sense. Has that, though, posed a challenge from a sovereignty perspective? If you were deploying stuff on-prem all over the place, you don't need to worry about that. Everything is here in a given country. How do you address the challenges of sovereignty when these agents are sending data into some sort of centralized cloud space that crosses boundaries? Yeah, I guess what we would, let me go back to the beginning. So I started a company in 2011 and I had to convince people that delivering endpoint security from the cloud was going to be a good thing. You go into a Swiss bank and a bunch of other places and they're like, you're crazy, right? They all became customers afterwards, right? And you have to just look at what they're doing. And the question I would have in the early days is, well, let me ask you, are you using Dropbox, Box, are you using Microsoft? What are you using? Well, they're all sending data to the cloud. So good news, you already have a model. You've already approved that, right? So let's talk about our benefit. 
And you can either have an adversary steal your data or you can send threat data to our cloud, which by the way is in a lot of sovereign clouds that are out there. And when you actually break it down to what we're sending to the cloud, it's threat data, right? It isn't user files and documents and stuff, it's threat data. So we work through all of that and the cloud is bigger than CrowdStrike. So you look at a Salesforce, a ServiceNow, Workday, et cetera, that's being used all over the place, Box, Dropbox, we just tag onto it. Like, why shouldn't security be the platform of record and why shouldn't CrowdStrike be the platform of record and be the pillar of cloud security? Explain your observability strategy because you acquired Humio for, I think it was $400 million, which is this song. And then Reposify is the latest acquisition. I see that as an extension because it gives you visibility. Is that part of your security, of your observability play? Explain where you do play and don't play. Sure, well, observability is a big, is a, you know, fluffy word. Where we play is in probably the first two areas of observability, right? There's five kind of pillars. We're focused on event collection. Let's get events from the endpoints. Let's get events from really anywhere in the network and we can do that with Humio, now LogScale. And then the second piece is with our agents, let's get an understanding of their, the asset itself. What is the asset? What state is it in? Does it have vulnerabilities? Does it have, you know, is it running out of disk space? Is it, does it have a performance issue? Those are really the first two kind of areas of observability. We're not in application performance. We're in, let's collect data from the endpoint and other sources. And let's understand if the thing is working, right? And that's a huge amount, that's a huge value for customers. And we can do that because we already have a privileged spot on the endpoint with our agent. Got it. 
Question on the TAM. Like I look at your TAMs, your charts, I love it, you know, but generally doing, we're taking known data from firms like IDC and saying, okay, we're going to play there. Now we've made this acquisition, we have new modules, now we're playing there. Awesome. I think you got a big TAM. And I guess that's the point. There's no lack of market for you. But I do feel like there's this unknown, unquantifiable piece of your TAM. IDC can't see it because they're kind of looking back, saying what the market did last year and we'll forecast it out. It's almost, you got to be a futurist to see it. How do you think about your total available market and the opportunity that's out there? Well, it's well in excess of 120 billion. And we've actually updated that recently. So it's even beyond that. But if you look at all the modules, each module has a discrete TAM. And again, for what we're focused on is, how do you give an outcome to a customer? So a lot of the modules map back into specific TAM and product categories. When you add them all up and when you look at, you know, some of the new things that we're coming out with, again, it's well in excess of 120 billion. So that's why we like to say like, you know, we're not an endpoint company. We're really a truly a security platform company that was born in the cloud. And I think if you see the growth rates and one of the things that we've talked about, I think you might have pointed out in prior podcasts is we're the second fastest company to $2 billion in annual recurring revenue, only behind Zoom. And you know, I would argue great company, by the way, customer, but that was a black swan event in a pandemic, right? So we were in rarefied air when you think about the capabilities that we have and the performance and the TAM that's available to us. 
The other thing I said in my breaking analysis was, because you guys aspire to be a generational company, I think you got a really good shot at being one, but to be a generational company, you have to have an ecosystem. So I'd love you to talk about the ecosystem of where you want to see it in five years. Well, it really is a good point and we are a partner first company. Ecosystem is really important. I know cameras probably can't see all the vendors that are here that are our partners, right? It's a big part of this show that we're at. Well, you see some vendors behind us. We have to realize in 2022, and I think that's something that we did well and it's my philosophy is, we are not the only game in town. We'd like to be, and we are, for many companies, the security platform of record, but we don't do everything. We've talked about network and other areas. We can't do everything. You can't be good and try to do everything. So for customers today, what they're looking at is best of platform. And in the early days of security, I've been in it over 30 years. It used to be best of breed products. Then it was best of suite. Now it's best of platform. So what do I mean by that? It means that customers don't want to engineer their own solution. They, like Lego blocks, they want to pull the platforms and they want to stitch them together via API and they want to say, okay, CrowdStrike works with Okta, works with Zscaler, works with Proofpoint, et cetera. And that's what customers want. So ecosystem is incredibly important for us. Explain that. You mentioned Okta, I had another question for you. I was at re:Inforce and I saw this better together presentation, CrowdStrike and Okta, talking about identity. You've got an identity module. Explain to people, oh, you're not competing with Okta. You guys complement each other there. Well, an identity kind of broker, if you will, is basically what Okta does and others, right? So you log in, single sign on and you get access. 
They broker access to all these other applications. That's not what we do. What we do is we look at those endpoints and workloads and domain controllers and directory services and we figure out are there vulnerabilities and are there threats associated with them and we call that out. The second piece, which is critical, is we prevent lateral movement. So if credentials are stolen, we can prevent those credentials from being laundered or used and move laterally, which is a key part of how breaches happen. We then create a trust score on those endpoints and workloads and we basically say, okay, do we think the trust on the endpoint and workload is high or low? Do we think the identity, is it George on the endpoint or not? We give that a score and we pass that along to Okta or Ping or whoever, and they then use that as part of their calculus in how they broker access to other resources. So it really is better together. So your execution has been stellar. This is my competition question. You obviously have competition out there. I think architecturally you've got some advantages. You have a great relationship with AWS. I don't know what's going on with Google, but Kevin's up on stage. They're now a part of Google. We have a great relationship with them. Microsoft obviously competitor. You obviously do some things in Azure. Are you building the security cloud? We are. We think we are because when you look at the amount of data that we actually ingest, when you look at companies using us for critical decisions and critical protection, not only on their on-prem, but also in their cloud environment and the knowledge we have, we think it is a security cloud. You had Salesforce and Workday and ServiceNow and each of them had their respective clouds. When I started the company, there was no security cloud. It wasn't any of the companies that you know, it wasn't the firewall companies, it wasn't the AV companies. And I think we really defined ourselves as the security cloud. 
And the level of knowledge and insights we have in our cloud, I think are world-class. But you know, it's a difference with those, you mentioned those other seminal clouds. They, like Salesforce, Workday, they're building their own clouds, maybe not so much Workday, but certainly Salesforce and ServiceNow built their own clouds, their own data centers. You're building on top of hyperscalers, correct? Well, you have your own data centers, too. We have our own data centers. Yeah, so when we first started, we started in AWS as many do and we have a great relationship there. We continue to build out. We are a huge customer. And we also have, you know, with data sovereignty, those sort of things. We've got a lot of our sort of data that sits in our private cloud. So it's a hybrid approach and we think it's the best of both worlds. Okay, and you mean you can manage those costs and how do you make the decision? Is it just sovereignty or is it cost as well? Well, there's an operational element, there's cost, there's a lot that goes into it. And at the end of the day, we want to make sure that we're using the right technology and the right clouds to solve the right problem. Well, George, congratulations on being back in person. That's got to feel good. It feels really good. You got a really good audience here. I don't know what the numbers are, but there's many thousands here at the ARIA. Really appreciate your time and thanks for having theCUBE here. You guys built a great set for us. We appreciate all you do. I enjoy your programs and I think hopefully we've given the audience a good idea of what CrowdStrike's all about, the impact we have and certainly the growth trajectory that we're on. So thank you. All right, George Kurtz, Dave Vellante for Dave Nicholson. We're going to wrap up day one. We'll be back tomorrow first thing in the morning, live from the ARIA. We'll see you then.