CrowdStrike: Fundamental Analysis and Growth Forecast

Investors are shifting focus. After last year’s AI boom sent chip stocks soaring, tariff headwinds and rising competition have cooled the category.

Now, attention is turning to software—the next big AI play.

That shift has put CrowdStrike (CRWD) in the spotlight. As an AI-native cybersecurity leader, its threat detection helps businesses stop breaches in real time. But it hasn’t been a smooth ride. A massive IT outage in July 2024 caused widespread disruption, forcing the company into damage control.

Despite the setback, CrowdStrike recently hit a new all-time high, briefly touching a $110 billion valuation—before its latest earnings sent shares tumbling this week.

1. CrowdStrike Q4 FY25

CrowdStrike Falcon is a cloud-native security platform that protects endpoints (laptops, servers), cloud workloads, identities, and data.

Lightweight agent: A single agent is installed on every device, requiring no constant updates or reboots, making it easy to deploy and manage at scale.
Threat intelligence: Continuously updated threat intelligence detects and blocks attacks before they happen, using machine learning to predict and prevent breaches in real time.
EDR (Endpoint detection and response): Detects and automatically responds to malware, ransomware, and phishing attempts, ensuring instant protection on all endpoints.
XDR (Extended detection and response): Expands beyond endpoints to analyze cloud workloads, network activity, and identity behavior, providing full visibility into security threats.

Unlike traditional security solutions, Falcon doesn’t rely on signature-based detection. Instead, it harnesses AI and automation to stay ahead of emerging threats.

Key metrics:

Let’s define a few terms:

ARR (Annual Recurring Revenue): The annualized value of all recurring customer contracts, a core indicator of CrowdStrike’s growth. ARR grew +23% year-over-year to $4.24 billion in Q4, driven by strong customer adoption.

Dollar-Based Net Retention (DBNR): Measures how much revenue existing customers generate over time, including upsells. It was 112% in Q4, below the ~120% expected for FY25 due to credits and discounts issued after the IT outage.
Gross retention rate: Tracks how many customers stay with CrowdStrike (maximum = 100%). It held steady at 97% in Q4, showing customers are not abandoning CrowdStrike despite the IT debacle.
Modules: Individual services within CrowdStrike Falcon. Multi-module adoption is crucial for ARR growth as customers expand their usage over time.

CrowdStrike’s strategy revolves around its lower Total Cost of Ownership (TCO)—not just in software costs but in time and expenses saved by using a unified platform.

New customers start with nearly five modules on average, and in Q4, 21% of customers used eight or more—a strong indicator that existing customers continue to invest deeper into the platform.

Income statement:

Revenue grew +25% Y/Y to $1,059 million ($20 million beat).
Subscription grew +27% Y/Y to $1,008 million.
Professional services grew +2% Y/Y to $50 million.
Gross margin was 74% (-1pp Y/Y).
Operating loss margin was -8% (-12pp Y/Y).
Non-GAAP operating margin was 21% (-4pp Y/Y).
Non-GAAP EPS $1.03 ($0.17 beat).

Cash flow:

Operating cash flow was $346 million (33% margin).
Free cash flow was $240 million (23% margin).

Balance sheet:

Cash and cash equivalent: $4.3 billion.
Long-term debt: $0.7 billion.

Guidance (mid-range):

Q1 FY26: Revenue +20% Y/Y to $1.10 million (slightly short of consensus). Non-GAAP EPS ~$0.65 ($0.31 miss).
FY26: Revenue +21% Y/Y to $4.78 billion (slightly ahead of consensus). Non-GAAP EPS ~$3.39 ($1.04 miss).

So what to make of all this?

Net new ARR remains a key metric for momentum. It was $224 million (+23% Y/Y), a step down from last year’s $282 million, but already a strong rebound after the outage’s impact on new deals and customer credits in Q3 FY25. Management reaffirmed a target of $10 billion in ARR by FY31, with ARR set to re-accelerate in the second half of FY26 and beyond.

Customer Commitment Package unwinds. The company is phasing out its CCP—a program launched after last year’s outage—which temporarily impacted ARR and margins. Leadership remains bullish on second-half growth as these short-term discounts roll off.
Impressive quarter, but weak guidance. CrowdStrike delivered large beats on the top and bottom line for Q4 FY25. But guidance was the sticking point—next quarter’s earnings forecast came in well below expectations, leading to a sell-off. The profitability miss in FY26 was primarily due to sales & marketing costs associated with the CCP and amortized over a year.
Margins and cash flow remain strong. Adjusted operating income grew 27% year-over-year. The company reported a record free cash flow of $1.1 billion for the full year FY25, highlighting the strength of its business model.
Getting worse before it gets better. Q1 FY26’s cash flow will include ~$73 million of outage-related costs, including sales compensation and flexible payment terms. Management expects to return to GAAP profitability by Q4 FY26 and expand the adjusted operating margin to 23% in FY27.

Bottom line: The business fundamentals remain strong, but the market didn’t like the near-term margin impact. CrowdStrike is investing in future growth, betting on AI-driven security demand—but near-term profitability remains impacted by outage-related costs.

2. Recent developments

Leadership Recognition

Gartner’s Magic Quadrant: In July 2024, CrowdStrike was named the leader in Endpoint Protection Platforms, outranking Microsoft and all competitors in execution and vision.

FedRAMP Authorization: Falcon Next-Gen SIEM, Falcon for IT, Falcon Data Protection, and Falcon Exposure Management received FedRAMP certification, expanding its federal market reach.
Gartner Peer Insights: 96% of customers recommend CrowdStrike for Managed Detection and Response as of September 2024.
Forrester Wave: Crowdstrike was named a leader in Managed Detection And Response Services in Q1 2025.

Why it matters: Despite the July 2024 outage, CrowdStrike maintained its leadership position in cybersecurity, continuing to gain industry recognition and expand its product certifications.

Still Acquisitive

CrowdStrike aggressively acquires companies to enhance its multi-module platform, a strategy mirroring Microsoft and Salesforce.

Key acquisitions shaping CrowdStrike’s future:

Payload Security (2017): Automated malware analysis sandbox.
Preempt Security (2020): Zero-trust and real-time access control ($96M).
SecureCircle (2021): Cloud-based data security solution.
Humio (2021): High-speed log management & observability ($400M).
Reposify (2022): Threat detection for IoT devices.
Bionic (2023): Cloud security management ($350M).
Flow Security (2024): Data security posture management (DSPM) ($200M).
Adaptive Shield (2024): SaaS security posture management (SSPM) for cloud apps ($300M).

Why it matters: CrowdStrike’s acquisition spree is a core part of its strategy, expanding its cloud and AI-powered cybersecurity offerings. This keeps it ahead of legacy competitors while strengthening module adoption.

3. Key quotes from the earnings call

CEO George Kurtz:

“Everyone loves a comeback story, and that’s exactly what we’ve started experiencing in Q4 as we’ve closed out the year. The results tell our story. One, we’ve never been closer to our customers and partners with market-leading customer satisfaction levels. Two, we’re playing best-in-class defense as well as offense with our Falcon Flex subscription model. And three, our innovation engine hasn’t missed a beat.”

CrowdStrike is in recovery mode. After last summer’s IT outage, the company is gaining momentum with strong customer engagement, growing adoption of its Falcon Flex model, and continued innovation.

On the CCP:

“With the summer now several quarters behind us, we’re ending our customer commitment package program. The CCP program was an excellent proactive measure, which not only built our relationship with impacted customers, but also resulted in significant platform adoption. This uptake gives me confidence in our second-half net new ARR reacceleration as products are deployed, one-time discounts drop off, and contracts are upsized and renewed.“

Short-term pain, long-term gain. Ending the CCP program means CrowdStrike will no longer offer discounts to customers impacted by the outage. This sets the stage for ARR reacceleration in the second half of FY26.

On AI integration:

“CrowdStrike is cybersecurity’s AI-native SOC. Our greatest asset is our role as the creator of cybersecurity’s richest data. We’ve curated this dataset with millions of Falcon Complete analyst annotations, making threat data contextualized and actionable. No one else has this. Our data is liquid gold for creating new agentic models for continuously improving protection.”

Data is the moat. CrowdStrike isn’t just selling software—it’s leveraging a massive dataset to make its AI-driven security platform smarter and harder to replicate.

On current tailwinds:

“We find ourselves placed at the epicenter of a rapidly evolving demand environment. A new administration, a new wave of technology, and a new threat landscape necessitate all businesses to evolve their cybersecurity programs. Consolidation, cost reduction, and automation are now the accepted enterprise and federal priorities..”

Cybersecurity spending isn’t slowing down. As AI threats grow, enterprises and governments are making cybersecurity a top priority, driving demand for CrowdStrike’s consolidated platform.

On Falcon Flex:

“Falcon Flex is a subscription model that enables customers to adopt the modules they want across their subscription term. This model deeply resonates with prospects and customers as well as our ecosystem partners.”

Flex customers adopt more than nine modules on average. Management provided updates on three fast-growing modules:

Cloud Deployed: $600 million in ARR (> 45% growth Y/Y).
Identity Security: $370 million in ARR (> 20% growth Y/Y).
Logscale Next-Gen SIEM: $330 million in ARR (> 115% growth Y/Y).

Combined, these three modules grew nearly 50% Y/Y.

On customer wins:

“In Q4 alone, we’ve closed new records in every total deal value segment. Over 20 deals greater than $10 million, over 350 deals greater than $1 million, over 2,300 deals greater than $100,000 and that was all in Q4.”

This momentum is a critical component of management’s expectations for ARR re-acceleration.

On the go-to-market strategy:

“We recently announced being the first cybersecurity ISV to achieve more than $1 billion in sales on the AWS marketplace in one calendar year. We also had a noteworthy year with Google Marketplace, where in our first year of partnership, we did over $150 million in deal value out of the gate. We’ve aligned our partner ecosystem around hyperscaler marketplaces where we see larger deal sizes and faster deal cycle times.”

The fact that CrowdStrike’s sales through AWS Marketplace doubled in just over a year shows how cloud-based cybersecurity solutions are gaining momentum. This partnership strength gives CrowdStrike a powerful sales channel beyond traditional enterprise sales.

Customers are encouraged to go ‘all-in’ with Falcon to save costs, and hyperscalers play a critical role in facilitating this. Many come through SIs (System Integrators) like Accenture or Deloitte Consulting.

CFO Burt Podbere on the outlook:

“Our visibility is improving. We expect net new ARR reacceleration as well as operating margin and free cash flow margin expansion in the second half of FY26. We believe this momentum will set the stage for further acceleration in FY27 over FY26 and position us well to achieve our long-term targets […] as we scale the business to our goal of $10 billion of ending ARR by FY31.”

Given that this management team consistently beats its guidance, ARR could grow in the mid-20s CAGR in the next five years.

4. What to watch looking forward

CrowdStrike’s Play for the ‘Security Cloud’

CrowdStrike has consistently positioned itself as the defining “Security Cloud” aiming to mirror the success of category-defining platforms:

Workday (HR Cloud)
Salesforce (CRM Cloud)
ServiceNow (Service Management Cloud)

The company was GAAP profitable before the 2024 outage and expects to regain profitability by January 2026. With revenue growth in the mid-20s, CrowdStrike is on track to scale into strong profitability—just like its cloud predecessors.

Public cloud software companies often operate unprofitably for years, but history shows that once the focus shifts to the bottom line, margins can expand rapidly (see Workday below). With highly predictable subscription revenue and efficient unit economics, CrowdStrike is building what could become a cash flow machine at scale.

Valuation: How Much is Too Much?

CrowdStrike is currently trading at:

~18x forward EV-to-revenue, among the highest in software, trailing only Palantir (PLTR) and Cloudflare (NET).
~72x forward EV-to-EBITDA, reflecting strong growth expectations.

By traditional metrics, this looks expensive. But best-in-class businesses rarely trade cheap—investors often pay a premium for dominant, high-growth platforms.

Take Salesforce in 2013—unprofitable, growing in the high 20s, and generating ~$4 billion in revenue. Back then, it traded at 9x revenue and over 50x free cash flow. Many saw it as overvalued, yet those who invested tripled their money in five years.

History suggests that in high-quality software businesses, the duration of growth matters more than the valuation multiples at any given moment.

The Big Picture

Despite outage headwinds, CrowdStrike has proven its resilience—and the stock has followed. The company continues to drive multi-module adoption and expand its market presence.

For long-term investors, the next five years matter more than the next five months. And if history is any guide, the path forward looks up and to the right.

Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.

Source:

Crypto Capital Of The World? Trump’s Bitcoin Reserve Plan Sparks Debate

Next S&P 500 Inclusion Coming: Here are Potential Stock Additions

Congress Trading: A Spotlight on Ecolab (ECL)

Trump’s Bitcoin Reserve: A Game-Changer or a Market Shock?

TSMC and Intel Investments at Risk as Trump Targets $52B CHIPS Act

What Analysts Think of Broadcom Stock Ahead of Q1 Earnings?

What Analysts Think of BigBear.ai Stock Ahead of Earnings?

The 10 Stocks Hedge Funds Love—and Hate—the Most

Why Is the Stock Market Still Panicking after Nvidia Strong Earnings…?