📢 Earnings Summary — CRWD

CrowdStrike delivered a record Q3 with strong ARR acceleration, record free cash flow and operating income, and broad-based strength across NextGen SIEM, cloud, identity, and endpoint. Management highlighted the expanding AI-driven attack surface and positioned the single-platform Falcon architecture as the operating system for cybersecurity in the agentic era. The company deepened strategic distribution through AWS, where NextGen SIEM is now the default in Security Hub, and saw growing momentum from the Falcon Flex model. High-profile competitive takeouts (including Wizz and Splunk) and large multi-product expansions underscore share gains. While competition from hyperscalers and integration execution remain risks, the tone and results were strongly positive with clear catalysts ahead from AWS distribution, Flex adoption, and cloud/runtime leadership.

📈 Growth Highlights

• Record net new ARR of $265M, up 73% YoY; exceeded internal expectations by >10%
• Ending ARR of $4.92B, up 23% YoY, with broad-based acceleration across cloud, identity, NextGen SIEM, and endpoint
• Falcon Flex ending account ARR >$1.35B, growing >200% YoY
• Falcon Shield (SaaS app security) posted a record net new ARR quarter, nearly 50% sequential growth
• Cloud security delivered a record net new ARR quarter; multiple competitive takeouts (including Wizz)
• NextGen SIEM posted a record net new ARR quarter; AWS integration positions PLG funnel expansion
• Endpoint business accelerated; strong federal quarter including a 75k endpoint legacy AV replacement

🔨 Business Development

• AWS selected Falcon NextGen SIEM as the default SIEM within AWS Security Hub, with native access and federated search; product-led growth motion targeting conversion to Flex
• Recognized by AWS as Global Security Partner of the Year
• Accenture named launch partner for AWS SIEM migrations; Deloitte moved MXDR to NextGen SIEM; Wipro standardized security delivery and incident response on Falcon
• F5 partnership: Falcon sensor certified on BIG-IP; F5 purchased Falcon and OverWatch for its install base via a large Flex deal; hundreds of F5 customers now protected
• Large European bank 8-figure expansion: added NextGen SIEM, Onum, and Charlotte; eliminated a streaming pipeline product and migrated off Splunk
• Fortune 500 CPG 7-figure expansion: displaced Wizz with Falcon Cloud Security (CSPM, ASPM, CIEM, CDR consolidation)
• Leading AI/token factory selected Falcon Cloud Security in an 8-figure deal to secure AI infrastructure
• Fortune 500 healthcare 8-figure Flex expansion: displaced two SIEMs, Defender for Endpoint, and a point cloud security product
• Falcon Shield wins: Fortune 500 logistics 7-figure deal (rapid exfiltration detection); Global 500 personal care leader 7-figure expansion after uncovering shadow SaaS

💵 Financial Performance

• Record Q3 net new ARR of $265M (+73% YoY)
• Ending ARR of $4.92B (+23% YoY)
• Record Q3 free cash flow of $296M (24% of revenue)
• Record non-GAAP operating income of $265M (21% margin); second consecutive record quarter
• Flex customers’ ending account ARR >$1.35B (>200% YoY)

🏦 Capital & Funding

• Strong FCF generation ($296M in Q3) supports self-funded growth and M&A
• Recent tuck-in acquisitions (Onum and Pangea) to enhance SIEM telemetry pipeline and AI infrastructure protection
• No discussion of share repurchases, new debt, or capital raises on the call segment

🧠 Operations & Strategy

• Single-platform strategy (single console, single data backend, single sensor; AgenTeq Hyperscale platform) positioned as the operating system for cybersecurity in the agentic era
• NextGen SIEM is the platform foundation; deeply integrated with a unified data backend; Charlotte (agentic SOC orchestrator) achieved FedRAMP High
• AWS console integration enables PLG for SIEM; plan to convert users to Flex subscriptions
• Falcon Flex licensing accelerates module adoption; Reflex accounts >200 (doubled QoQ), with multiple customers expanding >2x initial commit; Flex expected to become licensing standard
• Prioritizing runtime cloud protection over posture-only; validated CWP leadership (Frost & Sullivan); expanded to protect full AI stack via Pangea acquisition
• New insertion points (e.g., F5 BIG-IP appliances) expand footprint and routes to market
• Scaling partner-led services; GSIs standardizing on Falcon for SIEM/SOC transformation and migrations from legacy tools

🌍 Market Outlook

• AI adoption is expanding the attack surface, lifting demand across endpoint, identity, SaaS, cloud, and SIEM
• Enterprises consolidating from legacy SIEM (e.g., Splunk) and point products to a unified platform for speed, cost, and efficacy
• Rising focus on SaaS app security (Falcon Shield) and identity (ITDR, PAM) amid elevated third‑party SaaS risk
• Cloud buyers emphasize runtime prevention; multiple wins versus hyperscalers, firewall-vendor SIEMs, and Wizz
• Management expects continued share gains aided by AWS distribution and Flex momentum

⚠ Risks & Headwinds

• Competitive pressure from hyperscaler SIEMs, firewall vendors, and incumbents (e.g., Splunk, Defender for Endpoint, Wizz)
• Execution and integration risks tied to recent acquisitions (Onum, Pangea) and rapid portfolio expansion
• Dependence on large platform partners (e.g., AWS) and GSIs introduces channel/platform concentration risk
• Macro/geopolitical uncertainty and escalating AI-enabled adversary sophistication could create demand and operational variability
• Customer migration and consolidation projects can be complex and elongated

AI-generated earnings recap sourced from company results & conference call observations. Not investment advice — verify with official filings.