CRWD: guides Back-Half ARR +40%—valuation Still Justified or Getting Pricey?
Deep Dive into $CRWD: Valuation, Segment Growth, Key Metrics, Profitability, Expenses, Product Launches, Customer Acquisition, Financial Stability, SBC/Revenue, and Shareholder Dilution.
CrowdStrike posted a strong Q2 with accelerating revenue growth, while management guided to FY26 ending ARR of >22% and implied back-half net new ARR growth ≥40% YoY—a clear reacceleration signal. CrowdStrike is pressing its advantage: higher R&D spend, a burst of product launches, and durable platform stickiness after the July 19 incident. Yet ARR growth trails revenue and the PEG reads rich while SBC touched 25%—is multiple compression a risk? Read on.
Table of Contents:
1. Company Overview – A brief summary of the company, including its mission, sector, competitive advantage, and total addressable market (TAM).
2. Valuation – Analysis of changes in Forward EV/Sales and Forward P/E multiples, along with comparisons to peers within the same sector.
3. Economic Moat – Evaluation of the company’s moat across five key types: Economies of Scale, Network Effect, Brand, Intellectual Property, and Switching Costs.
4. Revenue Growth – Review of revenue growth dynamics over the past two years.
5. Segments and Main Products – Overview of the company’s business segments, latest quarterly performance by segment, product innovation, and revenue growth by region.
6. Market Leadership – Assessment of the company’s leadership status in its segment, as recognized by reputable rating agencies like Gartner, The Forrester Wave, etc.
7. Customers – Analysis of customer growth trends, customer success stories, and major customer wins.
8. Key Performance Indicators (KPIs) – Review of ARR growth, net new ARR, CAC payback period, RDI score, profitability, operating expenses, balance sheet strength, and shareholder dilution.
9. Conclusion – Final thoughts and summary based on the above analysis.
1. Company overview
About CrowdStrike
CrowdStrike, is a U.S.-based cybersecurity company founded in 2011 and headquartered in Austin, Texas. It specializes in endpoint security, threat intelligence, and cyberattack response through its cloud-native Falcon platform. The company went public in June 2019 at an IPO. It serves over 23,000 enterprise customers across 176 countries, including 65% of Fortune 500 companies.
Mission and Vision
CrowdStrike‘s mission is clear: “stop breaches.” CrowdStrike centralizes its vision on proactive protection against evolving cyber threats, using continuous innovation and advanced technology to safeguard organizations worldwide. CEO George Kurtz states the purpose simply: the company exists to stop breaches, which shapes product focus, customer relationships, and corporate strategy.
Industry Position
CrowdStrike holds a strong position in the endpoint protection market, consistently ranked in the Gartner Magic Quadrant. It has a 12.4% share of the endpoint security market and 5.9% in cloud security. The Falcon platform processes over 1.8 trillion signals daily, maintaining 99.8% threat detection accuracy and sub-250 millisecond response times.
Competitive Advantage
The company’s core advantage is its cloud-native, single-agent architecture, which enables deployment of 28 interoperable modules without additional integration or system reboot. The Falcon Flex licensing model has generated over $500 million in deal value within three quarters. High adoption continues, with a 95% year-over-year increase in deals involving eight or more modules in Q1 2025.
Total Addressable Market (TAM)
CrowdStrike’s total addressable market (TAM) has increased fivefold since its IPO, reaching $116 billion in 2025, up from $76 billion. The company expects TAM to grow to $225–250 billion by 2028–2029, implying a CAGR of 21–22.8%. Key drivers of this expansion include the organic growth of the cybersecurity industry and CrowdStrike’s expansion into adjacent markets.
Newer offerings, such as cloud security, identity protection, SIEM, and Charlotte AI, already contribute 28% of recurring revenue, with triple-digit growth rates. Management targets $10 billion in annual revenue by FY2031, a figure supported by current market share and momentum. The company’s entry into high-growth categories like SIEM, data protection, and security automation provides a long runway for future expansion.
2. Valuation
$CRWD is trading at a Forward EV/Sales multiple of 22.3, higher than the median of 19.0.
After the July 19, 2024 incident, both the stock price and valuation multiple dropped significantly, but the Forward EV/Sales has now rebounded to pre-incident levels.
It’s also worth noting that CrowdStrike has historically traded at a premium, supported by high valuation multiples.
$CRWD CrowdStrike trades at a Forward P/E of 114.5, with revenue growth of +21.3% YoY in the last quarter. This forward P/E ratio is 5.4 times the anticipated revenue growth rate.
The EPS growth forecast for 2026 is 30.0%, with a P/E of 129.3 and a PEG ratio of 4.3.
According to PEG ratio valuation is high.
The PEG (Price/Earnings to Growth) ratio is a key tool for evaluating growth stocks, introduced by Peter Lynch.
PEG < 1: Undervalued – A ratio below 1 suggests the stock is undervalued. For example, if the P/E is 15 and earnings are expected to grow by 20%, the PEG would be 0.75, indicating a good buying opportunity.
PEG = 1: Fair Value – A PEG of 1 means the stock price matches its growth expectations, representing fair value.
PEG > 1: Overvalued – A PEG above 1 indicates the stock may be overvalued, as its price is higher than its projected growth rate, making it riskier.
Valuation comparison
Analysts’ revenue growth forecast for $CRWD in 2025 is +23.4% and +21.9% YoY in 2026. Considering this forecast, CrowdStrike is trading at a premium based on the EV/Sales multiple, which appears fair when compared to other companies in the cybersecurity sector. Whether the current high premium is justified will be explored below.
Analysts expect strong revenue growth, so let’s examine the key metrics to determine whether these expectations are justified.
We’ll evaluate the company’s economic moat, which supports long-term revenue growth, analyze revenue trends and the forecast for next quarter, and identify key factors that could help the company exceed expectations and sustain future growth.
We’ll assess the performance of key segments, the launch of new products and updates, customer acquisition growth, key financial metrics, financial stability, and margin trends.
Additionally, we’ll review the SBC/Revenue ratio, shareholder dilution, and finally, draw conclusions on the company’s outlook.
3. Economic Moat
Economic Moats enable companies to remain stable during crises and support long-term revenue growth.
Economies of Scale
CrowdStrike benefits from strong economies of scale through its cloud-native architecture. The Security Cloud processes over 6 trillion events per week and stores more than 15 petabytes of data. With over 23,000 enterprise customers, fixed costs are spread efficiently across a large base. The platform offers a lower Total Cost of Ownership (TCO) compared to competitors by consolidating cybersecurity functions into a unified solution, reducing both software spend and operational overhead. As new customers and modules are added, incremental costs remain minimal relative to revenue, contributing to margin expansion and improving unit economics over time.
Network Effect
CrowdStrike’s network effect is one of the most powerful in cybersecurity. Its cloud-scale AI leverages crowdsourced threat data from its global customer base to improve real-time protection across the entire platform. The Threat Graph makes over 150 million indicator-of-attack decisions per minute and stops more than 75,000 breaches annually. When a threat is detected in one environment, all customers benefit instantly. With each new customer, platform utility increases, reinforcing a self-reinforcing security loop. This network effect is significant and scales with growth, creating a durable competitive advantage.
Brand Advantage
CrowdStrike is a recognized leader in endpoint protection, serving 65% of Fortune 500 companies. Despite a major outage in July 2024 that impacted 8.5 million Windows devices, the company retained its client base, underlining its brand resilience. CrowdStrike maintains leadership positions in industry benchmarks, including Gartner’s Magic Quadrant. The Falcon platform is often a default inclusion in enterprise RFPs, especially for cloud-native security solutions. The brand moat is strong, though competitive pressure in the sector remains high.
Intellectual Property
CrowdStrike’s technological foundation is protected by a growing intellectual property portfolio. The company holds numerous patents, with new ones granted as recently as June 2024, covering key areas like AI-driven threat detection and endpoint protection. The Falcon platform and Threat Graph are proprietary assets that differentiate the company from competitors. Backed by a robust R&D investment of $1,248 million in the past year, the IP advantage is solid, though the fast-moving nature of cybersecurity reduces the longevity of technical advantages.
Switching Costs
CrowdStrike’s unified architecture and modular platform design create high switching costs. Customers use an average of nearly five modules, and 23% of customers deploy eight or more. Migrating away would require replacing multiple integrated systems, retraining staff, and absorbing significant downtime and cost. The platform’s impact is reflected in a 98% gross retention rate, indicating both low churn and strong expansion. These switching costs represent one of CrowdStrike’s most defensible moat characteristics, locking in long-term customer value.
CrowdStrike’s economic moat combines economies of scale, network effects, brand strength, intellectual property, and high switching costs, securing its position in the cybersecurity market and supporting long-term growth.
4. Revenue growth
$CRWD revenue growth slowed compared to last year, impacted by the July 19 incident, but has since re-accelerated to +21.3% YoY.
If the company beats its Q3 forecast by 1.5%, similar to the Q2 beat, Q3 revenue growth could reach +22.4%, signaling further acceleration.
ARR growth slowed to +20.5% YoY, falling below revenue growth, while RPO growth was much stronger at +46.9% YoY.
Billings growth also accelerated to +24.8% YoY, outpacing overall revenue growth — a positive leading indicator for future quarters.
5. Segments and Main Products
CrowdStrike operates through two primary segments: Subscription and Professional Services. The Subscription segment includes cloud-based endpoint protection and threat intelligence services sold on a recurring basis. Professional Services provides consulting and training to help customers implement, manage, and optimize their security operations.
The Falcon platform is a cloud-native, single-agent architecture that delivers real-time detection and automated protection. It combines telemetry, threat intelligence, and behavioral analysis to efficiently identify and stop breaches. Falcon offers rapid deployment, low overhead, and immediate time-to-value across global infrastructures.
Falcon Endpoint Security protects laptops, desktops, and servers using unified next-gen antivirus, EDR, IT hygiene, threat hunting, and intelligence. The all-in-one agent provides continuous and comprehensive breach prevention.
Falcon Cloud Security delivers a cloud-native application protection platform (CNAPP) with breach prevention, workload protection, and cloud security posture management (CSPM). It integrates agent-based and agentless protection across all major cloud providers and operating systems.
Falcon Exposure Management enables advanced vulnerability assessment and network vulnerability management, displacing legacy tools. It’s on track to generate $300M in annual recurring revenue.
Falcon Identity Protection secures access controls and user identities, preventing credential-based and insider attacks. Recent upgrades include support for Microsoft Entra ID, expanding enterprise protection.
Charlotte AI, launched in 2023, is a conversational AI assistant embedded in Falcon. It helps analysts work up to 75% faster, saving roughly 2 hours daily through natural language interaction and automation.
Next-Gen SIEM, introduced in 2025, modernizes security event management with cloud-native architecture and AI-driven analytics. It enables real-time detection, petabyte-scale investigation, and high-speed threat hunting, supported by a Services Partner Program to help enterprises migrate from legacy SIEM systems.
Main Products Performance in the Last Quarter
$CRWD Revenue by Segment: 94.4% of the company’s revenue comes from Subscription, while 5.6% is from Professional Services.
Subscription revenue growth slowed to +20.1% YoY in Q2, with the gross margin remaining high at 80.2%.
Professional Services showed signs of recovery, growing +44.8% YoY after a decline in Q3 2024, although the gross margin increased to 34.4%.
Falcon Platform
Net new ARR: $221M (record Q2), ending ARR: $4.66B (>20% YoY). Revenue: $1.17B. Operating margin: 22%, FCF: $284M (24% of revenue). Platform consolidation deepened: over 800 customers now exceed $1M in ARR; deals >$10M doubled YoY. Management raised confidence: back-half net new ARR ≥40% YoY and FY26 ending ARR growth >22%. CCP/partner programs reduce ARR-to-revenue by $10–15M per quarter through Q4 while sustaining retention.
Falcon Flex / Reflex. Passed 1,000 Flex customers, up +220 in Q2; the average Flex customer exceeds $1M in ending ARR. Utilization remains strong at >75%. Reflex (early renew/expand) now represents ~10% of the Flex base, doubling this quarter. Reflex cohorts drive ~50% uplift in ending ARR, including one lighthouse 8-figure Reflex deal with a Fortune 500 software firm replacing legacy and hyperscaler SIEM and adopting Charlotte.
Expanded Falcon Next-Gen Identity adds FalconID phishing-resistant, passwordless FIDO2 MFA, enhanced privileged access for AD/Entra ID, and identity-driven case management in Falcon Next-Gen SIEM—covering human, machine, and AI agent identities across hybrid environments.
New Falcon Data Protection delivers real-time safeguards across endpoint, cloud, SaaS, and GenAI. Coverage now includes local apps and runtime cloud, and adds AI discovery for shadow AI, LLM-powered data classification, insider threat detections, and 10x broader cross-domain detection coverage.
Charlotte AI
Adoption surged. +85% QoQ growth vs Q1. Embedded across Falcon to run end-to-end autonomous workflows. Cuts investigations from days to hours; drafts reports; acts as Tier-1 analyst. Flywheel strengthened via MDR (Falcon Complete) and threat intel data—management frames this as a compounding reinforcement learning moat.
Charlotte AI AgentWorks integrates NVIDIA Nemotron models so analysts can build custom, no-code security agents using Falcon telemetry and NVIDIA acceleration; Falcon extends protection and governance to agents built with NVIDIA NeMo, enabling secure, scalable agentic AI across enterprises.
Next-Gen SIEM
Reacceleration story. ARR >$430M, >95% YoY growth. Displacements driven by pricing model: first-party CrowdStrike data not charged, customers pay mainly for third-party ingest. Large wins include 7-figure legacy SIEM rip-and-replace. Guidance calls Next-Gen SIEM the “engine” of the modern SOC.
Partners & Marketplace
Ecosystem became a growth lever. >60% of Q2 new business was partner-sourced. Red Canary migrating 100k+ endpoints to Falcon in a multimillion-dollar deal. Amazon Business Prime now bundles Falcon Go, unlocking the sub-100-seat TAM. NVIDIA integration extends protection across 100k+ LLMs via Falcon Cloud Security + NVIDIA NIM/Nemo Safety.
FedRAMP High Authorization
No reference in the provided text. Management only noted U.S. Federal remains small today but is a meaningful opportunity with needed certifications in place; timelines are long-cycle.
Identity
Next-Gen Identity Protection now covers non-human identities, SaaS apps, and AI agents. Including Falcon Shield, identity ARR >$435M, +21% YoY. New PAM offering launched; early replacement wins where legacy tools were costly and stitched-together.
Cloud Security
Runtime-first posture resonated. Cloud ARR >$700M, +35% YoY. Fortune 500 win consolidated 10+ tools across CNAPP, CSPM, ASPM, CDR, container security. ASPM natively integrated; months of manual work reduced to minutes.
Innovations & Product Updates
Unified, AI-native push across the stack.
Charlotte expanded to autonomous SOC workflows.
Next-Gen Identity Protection broadened to NHIs, SaaS, AI agents; PAM introduced.
Falcon Cloud Security integrated ASPM and NVIDIA’s LLM stack.
Exposure Management added agent-powered network scanning.
Next-Gen SIEM fused with ONEM for real-time, in-pipeline detection and cheaper, faster ingest.
Commercial expansion via Falcon Go for SMB through Amazon Business Prime.
Introduction of the Agentic Security Platform with an AI-ready data layer (Enterprise Graph), Charlotte AI AgentWorks no-code agent builder, MCP-based multi-agent orchestration, and a persona-aware console—uniting data, intelligence, agents, and governance.
Launch of Threat AI, a system of autonomous agents that reason, hunt, and act across the kill chain. Initial agents: Malware Analysis (instant reversing, attribution, YARA generation) and Hunt (continuous proactive scans with actionable findings). Includes a browser extension for in-workflow intel.
Acquisition
Announced intent to acquire ONEM (data-pipeline platform). Strategic fit: stateless in-memory architecture accelerates onboarding and brings in-pipeline detections to third-party data. Management targets 5× more events/sec vs nearest peer, 50% lower storage costs, ~70% faster incident response with ~40% less ingestion overhead. ONEM + Next-Gen SIEM aims to shift detection earlier in the pipeline and give customers data control.
CrowdStrike will acquire Pangea to secure the full AI lifecycle—data, models, agents, identities, infrastructure, interactions—introducing AIDR that blocks prompt injection/jailbreaks with up to 99% efficacy at sub-30 ms latency and governs workforce AI usage end to end.
Leadership
CrowdStrike appointed Amjad Hussain as Chief Resilience Officer, reporting directly to CEO George Kurtz. The role is designed to embed resilience, performance, and reliability across the platform and operations while shaping new industry best practices in cybersecurity.
Hussain brings 25+ years of engineering and operational leadership, most recently as CTO at Vanilla, and previously held senior roles at AWS and Microsoft, driving large-scale innovations in cloud, security, and infrastructure.
Revenue by Region
The United States accounts for 67% of $CRWD total revenue, making it CrowdStrike’s largest market, with revenue growing +20% YoY in Q2.
The EMEA region contributes 16% of total revenue and is growing at +27% YoY.
The APAC region contributes 10%, with a growth rate of +20% YoY.
Revenue from Other regions makes up 7% of total revenue and is growing at +27% YoY.
Revenue growth in EMEA and the United States accelerated compared to Q1, with EMEA and Other regions outpacing the company’s overall revenue growth rate.
6. Market Leadership
CrowdStrike was named a Leader in The Forrester Wave: MDR Services, Q1 2025, receiving the highest Strategy score and top marks in Detection Surface, Threat Hunting, and Investigation.
Its Falcon Complete Next-Gen MDR reduces over 40 hours of manual work per week through AI automation and achieves 98% decision accuracy. Charlotte AI Triage enhances multi-layered threat detection across endpoints, identity, and cloud.
Independent evaluations underscore CrowdStrike’s operational advantage, with detection speeds reported up to 11x faster than peers. Recognition in Gartner Peer Insights, Frost & Sullivan, and KuppingerCole further reflects strength in managed detection and response.
CrowdStrike named Leader in Forrester Wave MDR Europe (Q3 2025), ranked highest in Strategy and Current Offering, with top scores in endpoint, cloud, identity, threat hunting, and automated response—validating Falcon Complete next-gen MDR and AI-accelerated detection.
CrowdStrike was Named Innovation & Growth Leader in 2025 Frost Radar for Cloud Workload Protection. Falcon Cloud Security unifies pre-runtime + runtime defenses across hybrid/multi-cloud, integrates with endpoint, identity, data, and anchors a 1,900+ partner ecosystem with 420+ tech integrations.
CrowdStrike was named the only vendor as both Leader and Outperformer in the 2025 GigaOm Radar Report for SSPM. The company earned perfect 5/5 scores across core evaluation areas. GigaOm recognized the Falcon platform as the most innovative and complete platform play in SaaS security.
CrowdStrike was named a Leader in the 2025 IDC MarketScape: Worldwide Exposure Management, recognized for unifying exposure management and threat detection in the Falcon platform. With a single lightweight agent, Falcon Exposure Management provides continuous visibility, network vulnerability scanning, attack path analysis, and AI-driven automation through Charlotte AI agents, enabling faster remediation and reduced risk.
7. Customers
$CRWD CrowdStrike has stopped publishing data on the total number of customers. The company is now focused on attracting larger customers, as it operates a multi-product platform, and the total number of customers is no longer considered a key metric. Instead, the trend in customers using multiple Falcon platform modules is more important. The number of customers using 7+ and 8+ modules has increased compared to the previous quarter by 1 percentage points sequentially.
Customer Success Stories and Large Customer Wins
Fortune 500 Energy Supplier. A Fortune 500 energy supplier expanded its cybersecurity investment through a seven-figure contract for Falcon Cloud Security. The decision was driven by the ease of adoption from CrowdStrike’s unified platform approach and the native integration of Application Security Posture Management. The deployment streamlined the company’s security architecture, collapsing ten separate tools spanning CNAPP, CSPM, ASPM, CDR, and container security into a single runtime protection framework. The operational impact was immediate: reduction in manual workflows and accelerated risk visibility across production environments.
Global Consulting Firm – Next Gen PAM Adoption. A global consulting firm replaced its legacy Privileged Access Management solution with CrowdStrike’s next gen PAM. Years of frustration with high cost and limited efficacy in their prior system prompted the shift. The firm consolidated its privileged account and risk management into the Falcon platform, gaining full visibility over privilege escalation, user behavior, and multi-factor controls. This transition not only simplified compliance with cyber insurance requirements but also delivered measurable efficiency in identity and access management operations.
Fortune 500 Software Firm – Strategic Reflex Expansion. A Fortune 500 software company completed an eight-figure Reflex transaction, renewing its strategic commitment to CrowdStrike well before its original Flex subscription expiration. The firm expanded platform coverage to replace its legacy and hyperscaler SIEM solutions while integrating Charlotte AI to automate threat hunting and SOC operations. The Reflex motion underscored the strength of the Falcon platform’s consumption model, producing a 50% uplift in ending ARR and validating CrowdStrike’s consolidation thesis.
Red Canary and Zscaler Partnership. Red Canary, an MDR provider acquired by Zscaler, executed a multimillion-dollar migration of its legacy endpoint base—over 100,000 endpoints across hundreds of customers—to the Falcon platform. The move standardized Red Canary’s managed detection and response services on CrowdStrike’s infrastructure. The migration positioned Falcon as the operational backbone for MDR delivery at scale, reinforcing its role as a preferred platform for ecosystem partners and MSSPs.
Amazon Business Prime Partnership. Amazon Business Prime embedded Falcon Go into its global offering for millions of SMB customers. The inclusion of CrowdStrike’s entry-level endpoint protection into the subscription plan unlocked new monetization within the sub-100 user market. This partnership extended CrowdStrike’s reach to smaller enterprises historically underserved by advanced cybersecurity tools, establishing a foothold in a previously low-penetration TAM segment and broadening revenue diversification.
NVIDIA Integration. CrowdStrike deepened its alliance with NVIDIA through the integration of Falcon Cloud Security with NVIDIA’s Universal LLM NIM microservices and Nemo Safety suite. The collaboration secured the AI lifecycle for over 100,000 LLMs. Falcon’s protection of AI workloads and data pipelines positioned CrowdStrike at the intersection of cybersecurity and generative AI infrastructure, enhancing its strategic role in protecting the world’s emerging AI compute layer.
8. KPI
ARR Growth
$CRWD CrowdStrike’s Annual Recurring Revenue (ARR) growth is slowing, reaching +20% YoY in Q2, which is below the company’s revenue growth. Management guided to FY26 ending ARR growth “more than 22%” and signaled back-half net new ARR growth of at least 40% year over year. Guidance implies a near-term reacceleration, and CrowdStrike aims to reach $10 billion ARR by FY31.
Net new ARR
$CRWD CrowdStrike added $221 million in net new ARR in Q2 2025, reflecting a -2% YoY increase. net new ARR addition was higher than in Q2 2024 and Q2 2023.
CAC Payback Period and RDI Score
$CRWD’s return on S&M spending slightly improved compared to the previous quarter to 25.7 months, which remains slightly worse than the 21.5-month median for the SaaS companies I track.
The R&D Index (RDI Score) for Q2 stands at 1.18, a strong result compared to the 1.2 median of other SaaS companies I monitor, and significantly than the industry median of 0.7.
An RDI Score above 1.4 is considered best-in-class, and the low industry median highlights the importance of efficient R&D investment.
Profitability
Over the past year, $CRWD CrowdStrike has seen changes in its margins and profitability:
Gross Margin decreased slightly from 78.4% to 77.6%.
Operating Margin decreased from 23.5% to 21.8%.
FCF Margin declined from 28.2% to 24.2%.
Operating expenses
$CRWD Non-GAAP operating expenses have slightly declined over the past two years, mainly due to lower S&M spending, which decreased to 31% from 32% of revenue.
R&D expenses slightly increased to 19%, reflecting the company’s continued investment in future growth through the expansion of its cybersecurity platform. G&A expenses decreased to 6%.
Balance Sheet
$CRWD Balance Sheet: Total debt stands at $811M, while CrowdStrike holds $4,972M in cash and cash equivalents, exceeding total debt and ensuring a healthy balance sheet.
Dilution
$CRWD Shareholder Dilution: CrowdStrike’s stock-based compensation (SBC) expenses increased in the last quarter, reaching 25% of revenue, which is relatively high for SaaS companies.
Shareholder dilution remains at an acceptable level, slightly decreasing in Q2, with the weighted-average number of basic common shares outstanding increasing by 2.4% YoY.
9. Conclusion
Q2 was strong, with revenue growth accelerating compared to the previous quarter. What’s most encouraging, however, is management’s forecast for FY26 ending ARR growth of “more than 22%”, which implies back-half net new ARR growth of at least 40% YoY. This guidance suggests a near-term reacceleration, and management also reaffirmed that CrowdStrike aims to reach $10 billion in ARR by FY31.
CrowdStrike continues to invest in future growth, increasing R&D spending. Last quarter, the company launched several new products, further strengthening its competitive position.
Leading Indicators
• RPO growth of +46.9% significantly exceeded revenue growth
• Billings growth of +24.8% - above revenue growth
• ARR growth reached +20.5%, below revenue growth
• Net new ARR additions increased +2% YoY
Key Indicators
• Customer adoption increased by +1 percentage point QoQ across large customers
• CAC Payback Period improved from Q1 2025 to 25.7 months, slightly worse than the SaaS average
• RDI Score slightly increased to 1.18, and at the median for SaaS companies I track
The forecast suggests further revenue growth deceleration, supported by strong RPO and Billings growth.
The valuation appears reasonable. While CrowdStrike trades at a premium relative to its forward revenue growth estimates, I believe this premium is justified. Management’s swift and effective response to the July 19 incident reinforced that view — and results over the next two quarters confirmed there was no meaningful customer churn, highlighting the exceptional stickiness of the Falcon platform and its wide moat, both of which strengthen CrowdStrike’s competitive position.
The TAM is substantial, projected to reach $116 billion by 2025, with a CAGR of 21.6% through 2029.
In April 2025, following a significant valuation expansion, I trimmed my $CRWD position slightly.
Currently, $CRWD remains one of my top 3 holdings, representing a 9.5% allocation.
Thank you for reading!
Follow me for more frequent updates on X/Twitter and Threads, and on LinkedIn. For visual infographics, check out Instagram, and for portfolio changes, follow me on SavvyTrader.
Disclaimer: This earnings review is for informational purposes only and does not constitute financial, investment, or trading advice.
Great post as always. I understand they are still recovering from the outage, but when do they expect to be net profitable again? 2026?
Incredibly thorough analysis. The juxtaposition of strong fundamentals with stretched valuation metrics is the core tension here. PEG of 4.3 screams caution, but the back-half ARR guide (≥40% YoY) and Reflex cohorts showing ~50% uplift in ending ARR suggest genuine operational momentum post-July 19 incident. What strikes me most is how management's quick navigation of the outage validates the moat thesis. Zero meaningful churn despite 8.5M affected Windows devices is extraordinary - it proves switching costs aren't just theoretical. The 98% gross retention rate and 23% of customers using 8+ modules create compounding lock-in. The Charlotte AI adoption surge (+85% QoQ) feels like an inflection point. When you embed AI across the entire SOC workflow and cut investigations from days to hours, you're not just selling security - you're becoming operational infrastructure. That's a different value proposition entirely. The Next-Gen SIEM reacceleration (>$430M ARR, >95% YoY growth) is notable because it's displacing legacy vendors on pricing innovation (first-party data not charged). That's a category-level disruption play. One concern: SBC at 25% of revenue is genuinely high, even for high-growth SaaS. Combined with the valuation premium, that creates meaningful dilution headwinds for equity holders. Your trimming in April 2025 at peak expansion was smart risk managment. The 9.5% allocation as a top-3 holding feels justified given the TAM trajectory ($116B→$225-250B by 2028-29) and platform consolidation thesis, but I'd watch for mean reversion if macro sentiment shifts.