CrowdStrike – Still the King of Cybersecurity, But is the Stock a Buy?
With AI tailwinds, platform strength, and a growth re-acceleration, CrowdStrike is set to keep dominating. This is still one of the best SaaS stocks to own!
Cybersecurity has become one of the most durable secular growth stories in technology, no doubt about it.
With cloud adoption, remote work, AI proliferation, and increasingly complex cyber threats reshaping the digital landscape, security has shifted from a cost of doing business to a mission-critical necessity. As a result, it is one of the most obvious growth stories for the decade or two ahead, projected to grow at a double-digit clip through at least the end of this decade, with high-growth vectors like cloud and identity protection compounding even faster.
In such a structurally attractive market, one company has separated itself from the pack: CrowdStrike.
Let me be clear: I am a massive CrowdStrike bull—and for good reason. To me, CrowdStrike is the top choice in this highly promising industry. The company combines a highly scalable, cloud- and AI-native platform with outstanding execution and a business model built for durability.
At the heart of its success is Falcon, a brilliantly architected platform that leverages a single, lightweight agent and a cloud-native backend to deliver a broad suite of security modules—from endpoint protection to identity security to threat intelligence. This design enables seamless deployment, rapid updates, and minimal system resource usage, making Falcon not just powerful but also beloved by its customers. The fact that CrowdStrike experienced minimal slowdown or customer churn after last year’s massive outage only proves how indispensable the product has become.
Beyond its architecture, CrowdStrike benefits from one of the most powerful data network effects in the software industry. Each new customer contributes telemetry that feeds Falcon’s machine-learning models, making threat detection smarter and more effective over time. This virtuous cycle consistently drives retention above 120%, while an expertly executed go-to-market strategy ensures that customers expand their spending across modules.
Financially, CrowdStrike stands alone in its league: subscription revenue accounts for over 90% of the mix, gross margins exceed 75%, free cash flow margins fall within the 25–35% range, and revenue growth remains above 20%.
It is the textbook definition of a “rule of 40” business—year after year.
In short, CrowdStrike isn’t just participating in a rapidly expanding market; it is defining it. Honestly, there isn’t even anything close. With share in endpoint security climbing from 14% in 2021 to over 20% today, and a TAM expected to grow at over 20% annually, this company is positioned to compound at scale for years to come.
Last week, CrowdStrike released its second-quarter earnings report, which failed to impress investors, mainly because the revenue guidance was very light and did not align with CrowdStrike’s extremely high valuation, which demands perfection. As a result, unsurprisingly, shares lost 4% of their value in the following two trading sessions, although that’s significantly better than the initial 7-8% sell-off post-market.
Meanwhile, CrowdStrike delivered a strong quarter, beating my expectations. It did beat Q2 consensus estimates, delivered accelerating growth, and issued robust profit guidance well ahead of consensus estimates. Also, more importantly, underlying trends and performance remain excellent.
Today, I want to take a closer look at these results and developments to update my investment thesis, projections, and reconsider the valuation of one of my highest conviction long-term picks.
Are CrowdStrike shares finally a buy? Let’s find out!
Or join InvestInsights PRO (paid) now and get even more high-quality stock analyses (at least 6 analyses per month) + all the other paid benefits!
Q2 headline numbers might not impress, underlying data does
Jumping right in, CrowdStrike’s Q2 results really didn’t disappoint, with both top and bottom-line results surpassing consensus estimates and CrowdStrike exceeding its own guidance on all metrics, as demand turned out much better than expected in Q2.
Starting at the top, CrowdStrike delivered Q2 revenue of $1.17 billion, up 21% year-over-year. This was about $20 million above consensus and slightly ahead of the high end of management’s guidance, reflecting resilient demand for the Falcon platform.
What really stands out is the inflection in growth. After more than two years of steady deceleration—from the 60% range in FY23 to just 21% last quarter—CrowdStrike posted its first re-acceleration a full quarter earlier than management had guided, and this is expected to continue in the quarters ahead. That is a meaningful development, as the stock’s premium valuation has looked increasingly difficult to justify with growth slowing into the low-20s.
The acceleration, while modest, signals that underlying demand remains robust despite macro headwinds (which we have seen plaguing peers in Q2) and the IT outage hangover. It also reinforces the strength of drivers like Falcon Flex adoption, expanding module penetration, its AI-powered product differentiation, and the positive impact of the AI revolution, which drives renewed demand.
Still, the chart above underscores the challenge. Growth is far from the hyper-growth days of FY23, and investors will want to see clear evidence that this uptick isn’t just a one-off. In other words, the Q2 re-acceleration is a welcome signal—but it needs to mark the start of a durable trend to support the current valuation.
Looking deeper, CrowdStrike added a record $221 million in net new ARR during the quarter, coming in well above guidance and marking another acceleration. Total ending ARR reached $4.66 billion, up 20% year over year, pointing to a more stable growth trajectory.
Within this, demand for cloud, Next-Gen Identity, and Next-Gen SIEM modules stood out, with ending ARR for these products collectively climbing more than 40% to $1.56 billion. Next-Gen SIEM, in particular, has emerged as one of the most exciting growth engines, with ARR surging 95% year over year to over $430 million. As management put it, “Next-Gen SIEM is becoming synonymous with AI SOC transformation, akin to upgrading from a typewriter to a computer, unlocking new capabilities, cost efficiencies, and agentic speed.”
In other words, CrowdStrike is beginning to see tangible acceleration from the AI revolution—a force that may prove central in reigniting sustained growth.
CrowdStrike explained the significance of AI to its entire business very clearly during the earnings call. CrowdStrike described the rise of the “agentic era,” where both attackers and defenders increasingly deploy AI as a core weapon. A striking example came from its own threat intelligence unit, which uncovered how North Korea’s Famous Chollima group used generative AI to infiltrate more than 320 enterprises by creating fake résumés and conducting deepfake job interviews. It’s a reminder that AI doesn’t just expand productivity—it accelerates adversaries.
CrowdStrike’s strategy is to be the platform that secures AI “end-to-end.” That means protecting the models themselves, the workloads in the cloud and data centers where they run, and the human and nonhuman identities that access them at the endpoint. At the same time, the company is using its own AI to revolutionize defense. Its SOC agent, Charlotte, has become a prime example—automating actions and now end-to-end workflows across the security operations center. Charlotte posted a record adoption rate in Q2, growing more than 85% sequentially, demonstrating the rapid adoption of AI-native security operations.
This dual approach—utilizing AI for security and leveraging security for AI—is central to CrowdStrike’s competitive moat. Unlike legacy vendors who try to stitch together point products, CrowdStrike’s architecture is unified and underpinned by a vast data foundation. Years of telemetry gathered across its customer base give its models speed, accuracy, and enforcement capability that rivals cannot easily replicate. As management put it, enterprise security in the AI age is fundamentally a problem of data, speed, and enforcement—and these are precisely the areas where Falcon excels through its cloud-native and single-platform approach.
The AI wave is also a key driver of CrowdStrike’s cloud business, where adoption is surging. As enterprises rush to deploy AI workloads in the cloud, runtime security has become critical. Posture tools alone may provide visibility, but they cannot stop breaches in production. Here too, CrowdStrike is a leader, trusted by some of the most sophisticated enterprises—including Nvidia—to secure their AI infrastructure. Cloud ARR surpassed $700 million in Q2, growing more than 35% year-over-year, underscoring the importance of this opportunity.
Taken together, CrowdStrike is not merely adapting to AI; it is positioning itself as a foundation for customers’ AI futures. The company is driving this transformation, rather than being pulled along by it. With attackers accelerating and enterprises scrambling to secure their AI deployments, CrowdStrike’s platform is becoming indispensable—a structural advantage that could sustain growth well beyond the current cycle.
And then there is Falcon Flex, which has quickly become a game-changer.
Falcon Flex is CrowdStrike’s flexible subscription model that lets customers commit to a pre-negotiated spend and then allocate credits across modules as their needs evolve. A $1 million annual contract, for example, can be spread across any part of the portfolio, with modules added or adjusted over time without renegotiations or legal overhead.
The model benefits both sides: CrowdStrike secures committed contract value, while customers gain the agility to adapt to changing security needs. This has translated into larger deals—average Flex contracts exceed $1 million in ARR and typically run close to three years—while also accelerating adoption of new modules.
With 75% of Flex contracts already deployed, and many fully allocated within months, customers are often returning to expand their agreements ahead of schedule. These “re-flexes” typically already occur within five months and increase ARR by nearly 50%, making them a powerful driver of organic growth.
The impact on CrowdStrike’s business model is significant. Flex customers are scaling faster, committing to longer agreements, and expanding spending at a pace unmatched by traditional contracts. At the end of Q2, Falcon Flex had crossed 1,000 customers, with over 220 new accounts added in the quarter alone. Nearly 10% have already re-flexed, double the number seen just a quarter ago.
Ultimately, Falcon Flex showcases the Falcon platform’s true potential. Customers aren’t just signing larger, longer contracts—they are expanding them within months because the value is so evident. By lowering friction and making module adoption seamless, Falcon Flex enables seamless transitions from initial deployments to full-platform commitments, which is crucial as customers increasingly look to consolidate.
In short, it’s brilliant.
And it’s leading to considerable growth in large contracts – or low-effort organic growth in its existing customer base – especially as the cybersecurity market is seeing growing consolidation. Enterprises no longer want multiple vendors tied together; instead, they want a single, unified platform to meet all their needs.
This momentum is further reflected in our module adoption metrics, as CrowdStrike is seeing customers consistently adopt more modules. Today, 48%, 33% and 23% of subscription customers are adopting 6, 7, and 8 or more modules, respectively, all of which are up nicely from just two years earlier.
To conclude, all things taken together, the re-acceleration in revenue growth, strong ARR performance, rapid adoption of AI-driven modules, and the success of Falcon Flex all reinforce the same point: CrowdStrike has built a platform that is not only mission-critical today but also uniquely positioned for the future. Customers are consolidating spend, adopting more modules, and expanding contracts at an accelerating pace—clear evidence that CrowdStrike’s architecture, data advantage, and go-to-market strategy are driving both growth and durability.
With these dynamics in play, the company enters the second half of the year with real momentum. I agree with management; the company appears well-positioned to continue accelerating growth in H2 and into 2026. While the actual numbers may not seem overly impressive at first glance, underlying trends are increasingly pointing in the right direction.
On that note, let’s move to the bottom line!
Margins continue to show weakness
Crowdstrike’s revenue outperformance in Q2 is what primarily drove better-than-expected bottom-line results, although these do still reflect some weakness.
The company reported a healthy gross margin of 78% and a subscription gross margin of 80%, which is still best in class, although down 100 bps YoY. Further down the line, CrowdStrike reported operating expenses of $653 million, growing faster than revenue, driven in particular by higher R&D expenses as a percentage of revenue. This grew from 26% one year ago to 30% in the latest quarter, with R&D expenses, up 28% YoY, well outpacing revenue, as Crowdstrike is entirely focused on platform innovation.
As a result of these higher costs, CrowdStrike reported some operating margin pressure, with this one falling 170 bps YoY to 21.8%, still showing a downward trend. Positively, driven by the strong revenue performance, it does achieve a record non-GAAP operating income of $255 million. Also, both the operating income and margin exceeded guidance.
Ultimately, this resulted in a non-GAAP net income of $237 million, or $0.93 per share, surpassing consensus estimates by $0.10 and exceeding the high end of guidance.
At the same time, its GAAP net income came in at a negative $78 million, including $35.7 million in expenses for outage and related matters and $38.4 million in strategic plan-related charges. Continued excessive SBC explains the remaining difference between GAAP and non-GAAP numbers. Q2 SBC as a percentage of revenue was 24.3%, roughly flat from Q1 and still far too high for my taste, especially since CRWD clearly is no longer a hyper-growth stock.
I need this to trend down in due time, but so far it remains too high, putting downwars pressure on my fair value estimate.
Finally, CrowdStrike reported a record Q2 FCF of $284 million, reflecting a 24.3% FCF margin, which is down almost 400 bps YoY, driven by the lower gross and operating margin. On a positive note, the falling FCF margins, which are driven by slowing growth and growing costs, are expected to stabilize and improve in H2 and into 2026.
Despite the lower FCF margin, cash generation remained strong, allowing CrowdStrike to maintain a healthy balance sheet with a record high of $4.97 billion in cash, while debt remained low at just $810 million.
That represents pristine financial health, characterized by minimal debt and ample liquidity.
The Onum acquisition – My quick thoughts
Before we can get to the outlook & valuation, I want to quickly address Crowdstrike’s acquisition of Onum, a leading data pipeline platform.
We can safely say it is a significant move to strengthen its Next-Gen SIEM. Onum specializes in high-speed, real-time data pipelines built on a stateless, in-memory architecture. In simple terms, it enables companies to move and filter massive amounts of security data faster, more efficiently, and at a lower cost.
Management highlighted three core benefits: Onum processes up to five times more events per second than rivals, cuts data storage costs by about half through smart filtering, and enables detection before data even enters Falcon, together leading to incident response that’s up to 70% faster. Instead of relying on third-party ingestion tools (which customers often find slow and expensive), CrowdStrike can now offer an integrated solution that makes Falcon’s Next-Gen SIEM easier to adopt and more powerful from day one.
By bringing detections closer to the data source, Onum also strengthens CrowdStrike’s AI advantage. A more efficient data flow enables better training for AI models and results in faster, higher-fidelity outcomes for customers. This positions Falcon not just as a SIEM replacement but as the data foundation for AI-driven security operations.
In short, this is not just a useful add-on, but a move that could accelerate Falcon adoption and cement CrowdStrike’s role as the security and data backbone of the AI era.
Want more out of your subscription? Even more content like this weekly?
Consider InvestInsights PRO - $7.50/month ($70/annually)
This gets you:
A guaranteed 6+ stock analyses every month (roughly 2-4 paid-exclusive).
Full insight into my own portfolio (14% return CAGR since 2022).
Instant transaction alerts anytime I make a move (Fully transparent).
A complete overview of all my target prices and ratings (online available).
Exclusive access to the PRO subscribers Discord channel.
You will get immediate access to these recent analysis of Netflix, American Express, PayPal, Uber, and Meta!
Outlook & Valuation
While the Q2 results absolutely weren’t bad, guidance was probably what disappointed investors the most, and what fueled the post-earnings sell-off, as it simply fell short of expectations.
For H2, management remains optimistic, driven by a combination of strong Falcon Flex momentum, a record Q3 pipeline, and increasing demand for AI-powered features. As a result of this excellent momentum, the expectation is still for growth to accelerate in the second half of the year.
For Q3, management now guides for revenue to be in the range of $1,208 million to $1,218 million, reflecting a year-over-year growth rate of 20% to 21%, largely stable from Q2 but falling short of a $1.23 billion consensus. Additionally, operating income is expected to be in the range of $256 million to $262 million, and EPS to be approximately $0.93 to $0.95, practically flat YoY but comfortably ahead of a $0.90 consensus.
Moving to the full year guide, management now anticipates revenue to be in the range of $4,750 million to $4,806 million, up 20% to 22% YoY, versus a $4.79 billion consensus and my $4.78 billion prior estimate. Additionally, EPS is expected to be in the range of $3.60 to $3.72, well ahead of a $3.51 consensus and my own $3.54 estimate.
This revenue guide includes the assumption for high single-digit sequential net new ARR growth in Q3 and at least 40% year-over-year net new ARR growth for the back half of the fiscal year, bringing ending ARR growth for FY26 to more than 22%, suggesting a very healthy acceleration in H2, based on the 20% growth in H1. Additionally, this still includes a minimal and declining impact/headwind from its CCP efforts.
Making up the balance here, it obviously isn’t ideal that revenue guidance was a little light, only just about matching consensus estimates. Yet, guidance is also far from terrible, as it won’t force negative revisions. In fact, profit guidance is significantly better than previously expected, prompting analysts to revise their FY26 estimates positively.
But, again, merely beating expectations isn’t enough to justify its premium.
Looking beyond the current fiscal year, growth expectations for CrowdStrike also remain excellent. Management still expects to hit its $5 billion ending ARR milestone before the end of the current fiscal year and believes it remains on track to exceed $10 billion in ARR by FY31, suggesting a minimal CAGR of 15%, although that seems like a very conservative target.
For reference, CrowdStrike’s TAM is expected to grow from $116 billion in 2025 to $250 billion in 2029, driven by rapidly growing demand for high-end, AI-driven cybersecurity solutions across the entire digital supply chain. This reflects a 21%(!) CAGR through the end of the decade, and I don’t expect this to slow down much after considering the growth in cyber threats and their complexity.
With CrowdStrike still constantly growing its market share and TAM, I believe CrowdStrike should be able to easily outpace this 21% CAGR, likely delivering growth closer to the mid-to-high twenties through the end of the decade.
Meanwhile, the company continues to target a long-term gross margin of between 82% and 85%, suggesting room for margin expansion. Additionally, its R&D as a percentage of revenue should drop from over 30% today to between 15-20%, allowing its operating margin to expand to between 28% and 32%, leaving loads of room for upside.
This should enable it to grow EPS at an even faster clip, likely in the high twenties to low thirties, through at least 2030. And finally, while its FCF margin will likely be around 27% in the current fiscal year, it is expected to improve to over 30% next year and grow to between 34% and 38% in the longer term, which is an excellent prospect.
So, for my projections, I have slightly lifted my fiscal FY26 projections to account for the Q2 beat and stable prospects for H2. For the following years, I have primarily implemented my expectations outlined above and management’s longer-term targets. As a result, I expect stable growth in FY27 due to some economic weakness, particularly in the U.S. Beyond that, I expect CrowdStrike to re-accelerate growth to the mid-twenties, while margins should recover and improve strongly, leading to low-thirties EPS growth.
You can find my simplified projections below.
That then brings us to the largest hurdle: valuation.
As always, CRWD shares come at a premium, even as shares trade 20% below a recent all-time high. For reference, shares now still trade at:
87x next year’s earnings
18x next year’s sales,
a growth-adjusted PEG of 3.4x
and an FY27 FCF multiple of 57x
At these multiples, CrowdStrike is priced for perfection, to put it mildly. Realistically, it is priced for considerable outperformance. Even with re-accelerating growth, growth in the low-to-mid 20% range won’t satisfy skeptics if it stalls again.
At today’s premium valuation, CrowdStrike cannot afford to stumble. Competition remains intense, budgets are not immune to macro pressures, and AI innovation will need to translate into sustained ARR growth to justify the stock’s multiple.
Still, the Q2 results suggest CrowdStrike is executing exactly as it must to remain the category leader. Suppose CrowdStrike can accelerate growth into the mid-to-high twenties range while maintaining free cash flow margins in the 25–35% band, it will keep its status as one of the few large-cap cybersecurity firms capable of compounding at scale, and with the prospect to keep doing so well into the next decade.
Without a doubt, the company is one of the best-positioned businesses globally, leading in one of the most secular-driven categories with an AI-native, superior platform built for the future.
But price matters, even for Crowdstrike.
So, what is a good price to buy?
Well, especially amid current macro and geopolitical uncertainty, I am looking for a bit more downside protection. So, let’s assume a 75x fiscal 2028 exit multiple. Yes, this is still an insane multiple, I know, but considering what’s ahead for Crowdstrike and the quality of the business, I believe it does deserve such a whopping premium, which would include a PEG of closer to 2.5x and FCF multiple likely toward 30-40x, which isn’t too bad.
Assuming this multiple and my current projection, I calculate an end-of-fiscal 2028 target price of $490. From a current share price of $411, well below its quite recent all-time high of over $500, that represents potential annualized returns of just over 7%, which is nowhere near enough to make CRWD shares an interesting buy today.
In other words, even under bullish assumptions, I believe forward growth is fully priced in at today’s $411 share price.
To answer my earlier question – where would I buy? – I am currently aiming for a dip below $360 per share, ideally toward $350 or $340.
However, for now, and as long as shares remain well above those levels, no matter my bullishness, I am not compelled to add to my CrowdStrike position. At the same time, I also don’t consider selling any shares.
Rating: Accumulate below $360
2027 Target Price: $490
Implied CAGR from current price: ~7%
Please leave a like if you enjoyed this post and found it valuable!
Excellent analysis, thank you very much for sharing it 🙌.
I had two questions after reviewing the valuation section:
I understand you're using an FY28 EPS of 6.53 and a 70x multiple, which gives me a target price close to $457 (with an approximate CAGR of 3–4% from the current price). However, in your post you mention a target of $490 with a compounded return of ~7%. Is there any additional adjustment in the calculation that explains this difference?
I'm also curious about the multiple used. With EPS growing at around 18% annually through FY28, a P/E of 70x seems quite demanding. In that scenario, a more reasonable multiple might be around 36x (PEG ≈ 2). What’s your view on why 70x is still valid over this horizon?
Thanks in advance for your response and for continuing to share such valuable content 🙏.
CrowdStrike’s dominance is clear, but valuation will likely dictate whether it’s a good entry now.