Is CrowdStrike A Buy?
The earnings analysis, the Quality and Valuation Updates.
Hi Multis
Anand here with the CrowdStrike (CRWD) earnings review.
First, I want to apologize for being late in the CrowdStrike article.
Just like Kris, I was sick, and half the article sat in my editor for 5 days. I am feeling much better now and hope you all are doing well.
CrowdStrike is a strong household name in the Potential Multibagger universe. It reported its earnings on March 4, 2025, and the stock was down more than 5%. That's not a scary thing, especially not for seasoned Potential Multibaggers investors.
The stock drop after the outage was much more and the stock had almost recovered to where it was before the outage on July 19. Less than 8 months, for such a big outage, that's a swift recovery. This is the sign of a strong company, a skilled management team, and the stickiness of the platform.
Source: Finchat
(By the way, Kris has a discount link for Finchat. For just $289 per year (through the link) you get a ton of value. You can make your own charts, ask AI for an overview, etc. Get your discount here.)
You can see that it went to an all-time high in February 2025, just before the market dropped and before the earnings.
The Numbers
CrowdStrike reported strong results for Q4 2024. Revenue was $1.06 billion, up 25% year-over-year. The ARR (Annual recurring revenue) was up 23% to $4.24 billion. An additional ARR of $224.3 million was added in Q4 2024, well ahead of management's expectations.
Source: Finchat
The total gross margin was 77%, compared to 78% a year ago, and the Non-GAAP subscription gross margin was 80% of the revenue, the same as last year.
Non-GAAP net income was up 10% to $260.9 million, compared to $236.2 million, and GAAP net loss was $92.3 million, compared to net income of $53.7 million in the fourth quarter a year ago. Non-GAAP net income per share was $1.03, compared to $0.95, and GAAP net loss per share was $0.37, compared to income of $0.22 in the fourth quarter a year ago.
Net income and earnings per share were impacted by incident-related expenses in Q4, which will be discussed in more detail later in the article.
Free cash flow was $239.8 million, compared to $283.0 million. It decreased by 15%, with a free cash flow margin of 23%. I think the free cash flow margin is bottoming here, but I will give one more quarter to confirm the trend.
For the full year, management delivered a free cash flow of $1.07 billion or 27% of revenue, exceeding $1 billion in annual free cash flow for the first time.
Source: Finchat
Guidance
Q1 2025 Outlook
Management is known for providing conservative guidance. They guided for revenue between $1.1 to $1.106 billion, 20% growth compared to a year ago and in line with the consensus. Non-GAAP net income is in the $162.1 to $167.5 million range, and non-GAAP net income per share will be in the $0.64 to $0.66 range, also in line with the consensus estimate.
Management informed about Q1 2025 cash impacts of approximately $73 million for outage-related costs, including incremental sales compensation, as well as $43 million due to the impact of flexible payment terms provided under customer commitment packages for deals closed in the back half of the year.
Full-year 2025 outlook
Management guided for revenue between $4.74 to $4.80 billion. Non-GAAP net income is seen between $851.2 to $883 million range, and non-GAAP net income per share will be in the $3.33 to $3.45 range, in line with the consensus estimate.
Since customer commitment packages for deals are ending in the back half of the year, this may get raised as they will have better clarity.
Highlights from the conference call
CrowdStrike Platform Updates
As per Gartner Peer Insights, CrowdStrike Falcon platform is the highest-rated vendor for Cloud-Native Application Protection Platform or CNAPP, user authentication, and Security Information and Event Management or SIEM.
Source: CrowdStrike investor presentation
CrowdStrike has a total of 29 modules that are offered on a single platform. Each module is easy to enable and disable, just like turning on or off the switch. That really removes the friction in the adoption of enterprise companies. To stop a breach or if you need help in an active breach, CrowdStrike is the company to call.
For the fiscal year 2025 (not a typo, the company is ahead by a year for its fiscal year), CrowdStrike reported ARR for cloud security, identity protection, and Next-Gen SIEM of over $1.3 billion, growing nearly 50% year-over-year. These three are the top modules for the company, and generally, these are the three hot segments in the cyber security space, and CrowdStrike is winning in them.
The Cloud Security segment crossed $600 million in ARR, Identity Security crossed $370 million in ARR, and LogScale - Nextgen SIEM crossed $330 million in ARR.
The coupling of Next-Gen SIEM alongside the native first-party data and the agentic power of Charlotte AI gives CrowdStrike a unique advantage in continuing to lead the AI security revolution.
Source: CrowdStrike investor presentation
This quarter, the company's Exposure Management business, which is displacing legacy vulnerability management products, has swiftly become a meaningful contributor to the company, with a line of sight of $300 million in ARR. CrowdStrike exposure management offers both native vulnerability management for devices and applications associated with integrated attack surface management.
CrowdStrike Identity business continues to benefit from several key trends, including the rapidly growing identity attack surface. CrowdStrike recently acquired Adaptive Shield. It integrated a module called Falcon Shield into the platform, which secures identities everywhere, whether on-premises, in SaaS applications, or within the hyperscaler Cloud infrastructure.
In Q4, CrowdStrike customers who adopted 6 or more modules grew to 48% from 43% a year ago, 7 or more modules grew to 32% from 27% a year ago, and 8 or more modules grew to 21%. Customers with 5 or more modules reached an all-time high of 67% and on average, new customers are landing with at least 5 modules.
The management team will discontinue the 5 or more metrics and only focus on the higher adoption numbers. Previously, they also phased out reporting about customers with 3 modules or more and 4 modules or more. If anything, this shows the strength of the company.
Source: Finchat
In Q4, there were over 20 deals greater than $10 million, over 350 deals greater than $1 million, and over 2,300 deals greater than $100,000. I have confidence that CrowdStrike will reach their $10 billion ARR sooner than they estimated.
CrowdStrike has a gross dollar retention of 97% as customers remain firmly committed to the Falcon platform. That's impressive after the big outage last year. Gross dollar retention is merely down 1%, which is simply amazing in this context. Customers are clearly choosing to stay and spend money on their cyber security solutions with CrowdStrike.
CrowdStrike is the first cybersecurity ISV (independent software vendor) to cross $1 billion in deal value on the AWS Marketplace in a single calendar year. The company had a noteworthy year with Google Cloud Marketplace, where, in the first year of the partnership, the company closed deals worth over $150 million in value. This shows the scale, strong execution, and commitment of customers.
CrowdStrike was also named a Leader in The Forrester Wave in Managed Detection and Response Services Q1 2025.
Source: CrowdStrike investor presentation
Falcon Flex Is Flexing Its Muscles
CrowdStrike announced Falcon Flex in September 2024, offering customers adaptable licensing to the Falcon platform's modules. In Q3, management shared accounts that adopted the Falcon Flex model, representing more than $1.3 billion in total deal value. In Q4 alone, the company added over $1 billion of total account Flex deal value, with accounts that adopted Falcon Flex soaring to $2.5 billion in total deal value, growing 80% quarter-over-quarter and growing more than 10x year-over-year.
This sounds fantastic, right? After the July 2024 incident, the management team offered customer commitment packages or CCPs, mainly in the form of additional products and Falcon Flex subscriptions. That fuels the growth in Falcon Flex subscriptions, and it's wise because those credits or offerings will give the customers a chance to try the additional modules and further consolidate on the CrowdStrike platform. This is a smart move and positive for the business as it demonstrates customers' trust in our long-term partnership, drives bigger deals, and increases levels of platform adoption rather than extended time and professional services.
I still believe Falcon Flex is a game changer, accelerating module adoption and making it easier and faster than ever. We will see a lot of adoption, but I am not expecting euphoric growth to remain there forever.
CrowdStrike also launched CrowdStrike Financial Services, or CFS, in September 2024, providing tailored financing solutions for the Falcon platform, which can be combined with Falcon Flex. CFS has already closed deals worth over $140 million through the program in FY '25. According to management, CFS enhances CrowdStrike’s customers' ability to do larger and longer-term deals with CrowdStrike, further enabling future platform adoption and strategic Falcon Flex deals.
Charlotte AI
Charlotte AI is CrowdStrike's generative AI security analyst, is a SOC (Security Operations Center) analyst's best friend, and it is driving substantial AI outcomes.
Charlotte AI Detection Triage accelerates SOC operations and threat response times. In Q4, the company made more than 100 Charlotte AI deals. Customers are seeing outcomes and sharing feedback and those sometimes go viral in the world of cybersecurity. For example, a European financial services firm stated Charlotte AI has been very useful to them. It summarized activity on the hosts and users in 10 to 15 seconds, which would have taken us 20 to 30 minutes to do manually.
CrowdStrike is instrumental in winning the AI war by developing an innovation engine, securing endpoints, and the security data to fuel it. In this AI-fueled demand environment, the point product vendors and those that have failed to deliver open and native single platforms increasingly fall short. CrowdStrike is cyber security's AI-native SOC. The company’s greatest asset is cybersecurity's richest data set. They have curated this data set with millions of Falcon complete analysts and notations, making threat data contextualized and actionable. No one else has this. This is their moat; this makes them the number one. The data is liquid gold for creating new agentic models for continuously improving protection.
The analysts and market don't seem to have considered the full potential of Charlotte AI. I think it's a game-changer.
CEO George Kurtz's gave his take on how to secure the environment in this AI age.
First, more AI everywhere means more data, more access, and more processes, services, and products requiring cybersecurity. The locales of AI adoption are either in cloud workloads or data centers or even on edge devices, all of which we are market leaders in securing with AI native technology that stops the breach.
Second, more access to more third-party and in-house agentic applications and services requires rethinking identity and data protection, who is accessing data and where is it traveling, matters more now than ever before.
And third, securing AI starts a broader enterprise data discussion.
CrowdStrike internally leveraged AI for their internal manual processes, enabling the teams to focus on high-value activities across the business. This is the first company to share the statistics of hours saved publicly. I may be wrong, but I haven't heard of any company publishing such numbers publicly.
In Q4, they saw strong employee adoption of AI capabilities with average reported time savings per employee of over 1 entire workday a month; if annualized across our entire workforce, it equates to more than 24,000 work weeks saved. Not too shabby.
Conclusion Earnings Analysis
Before we go to Kris for an update on the Quality Score and the Valuation, a quick takeaway.
CrowdStrike reported strong numbers. The company has a short-term headwind with the outage-related expenses, but the company handled this did extremely well. It turned lemons into lemonade by giving credits that are an opportunity to upsell more modules to the customers. The Falcon platform is sticky and shows great strength even after the incident.
We may see the gyration in stock price based on the overall market performance, but the thesis remains fully intact.
(If you are a free subscriber, we say goodbye here. If you want to see all of the paid content, like my portfolio, all of my trades, and premium content like the Quality Score and Valuation Score, you can upgrade here).