Crowdstrike: everyone loves a comeback story
$CRWD Q4 2024 ER update
The content of this analysis is for entertainment and informational purposes only and should not be considered financial or investment advice. Please conduct your own thorough research and due diligence before making any investment decisions and consult with a professional if needed.
"Everyone loves a comeback story," George Kurtz proclaimed on CrowdStrike’s Q4 2025 earnings call, revealing a recovering $224 million net new ARR, compared to $153 million of the previous quarter, and a record $1.07 billion free cash flow for the ended year.
And with AI adoption soaring, CrowdStrike’s epic rebound is likely just heating up. More on AI trends will follow in the present article.
But the real kicker? The Customer Commitment Program (CCP), a bold move to lock in trust after last summer’s turbulence, wrapped up with a bang. As CFO Burt Podbere put it, “In Q4, we completed our very successful customer commitment program,” delivering $56 million in ARR value in the quarter alone—$80 million for the year.
This wasn’t a timid farewell.
The majority of deals that closed with customer commitment packages in the quarter included additional product or Flex dollars, rather than extended time and professional services
Podbere emphasized.
Customers didn’t just stick around—they went all in, snapping up more Falcon platform tools and Flex subscriptions. That’s not a Band-Aid; it’s a power play.
We view this as a positive for the business as it demonstrates customers' trust in our long-term partnership and importantly, drives bigger deals and increased levels of platform adoption
he added.
If you haven't read my original deep dive on Crowdstrike, I recommend doing so before reviewing this update. It's essential reading for a thorough understanding of the company.
Business Ontology Framework
As with every stock I analyze, I’ve crafted a tailored blueprint to track CrowdStrike’s performance, rooted in my new Business Ontology Framework. As you should know by reading my original deep dive, my thesis centers on two strengths: its single lightweight agent architecture, enabling rapid, seamless module scaling, and its crowdsourced data, powering AI-driven, industry-leading cybersecurity.
Below is a visual representation of Crowdstrike’s Business Ontology, presented in a clear and structured format.
Next, I dedicate a paragraph to providing an update on each component of the Ontology.
Revenue Growth VS Competitors
The cornerstone of my investment thesis for CrowdStrike, and my guiding metric moving forward, is its ability to consistently deliver revenue growth that outpaces its two primary direct competitors: SentinelOne and Microsoft. Since Microsoft does not regularly disclose detailed revenue figures for its cybersecurity business, SentinelOne serves as my primary benchmark.
As noted in my prior quarterly update, CrowdStrike faced challenges following the July incident, the effects of which remain evident. In Q4, CrowdStrike reported a year-over-year (YoY) revenue growth of 25%, lagging behind SentinelOne’s 29% YoY growth. However, a closer look at a leading indicator—quarter-over-quarter Annual Recurring Revenue (ARR) growth—offers a more encouraging outlook.
CrowdStrike’s Q4 ARR growth rebound suggests that a recovery is underway. If this trend persists over the next few quarters, I anticipate CrowdStrike could catch up to SentinelOne’s revenue growth by year-end.
I recognize that SentinelOne’s revenue base is significantly smaller than CrowdStrike’s, which naturally allows for higher percentage growth. Nevertheless, my conviction in CrowdStrike hinges on its position as the undisputed leader in the cybersecurity industry. My rationale is twofold:
Investing in the Best: I prefer to invest solely in the top company within any given sector. I believe the strongest moats widen over time, and market leaders tend to sustain their dominance for the long haul.
Return Expectations: I target an annualized return of over 30% per stock in my portfolio. To achieve this, I require revenue growth exceeding 20% for the foreseeable future. While young, high-growth companies may see free cash flow (FCF) per share growth outpace revenue growth in the short term, over the long run, FCF growth aligns with revenue growth. For CrowdStrike to meet this threshold, it must outgrow the projected cybersecurity industry’s CAGR commonly cited in the range of 10% to 14% over the next five to ten years, gaining market share by outpacing competitors.
Given the lingering impact of the July incident, I am granting CrowdStrike a grace period of two additional quarters. This aligns with CFO Burt Podbere’s outlook, who anticipates a reacceleration in the second half of FY 2026:
Visibility is improving as we move further from the sun… The net new ARR acceleration we expect in the second half of FY '26 sets the foundation for further acceleration in FY '27 over FY '26 as we scale the business to our goal of $10 billion of ending ARR by FY '31.
If CrowdStrike can regain its momentum and solidify its leadership, it remains a compelling long-term investment.
Following the encouraging signs of recovery in CrowdStrike’s ARR growth, let’s examine two additional metrics to confirm whether this upward trajectory remains intact and retains its momentum.
The first metric is the percentage of existing customers adopting five or more modules. The data shows consistent growth across multiple tiers:
This steady increase underscores the effectiveness of CrowdStrike’s single lightweight agent architecture. By enabling seamless cross-selling, it reduces friction for customers adopting additional products. This not only reinforces the company’s ability to deepen penetration within its existing base but also signals CrowdStrike’s potential to rapidly introduce new offerings, thereby expanding its Total Addressable Market (TAM). A broader TAM, paired with strong customer uptake, lays a solid foundation for sustained revenue growth—a critical factor in my thesis.
The second metric centers on operational efficiency, as highlighted by CFO Burt Podbere during Q4. He emphasized the impact of AI adoption across the workforce:
In Q4, we saw strong employee adoption of AI capabilities with average reported time savings per employee of over 1 full workday a month, equating to more than 24,000 work weeks saved, if annualized across our entire workforce…. We are also leveraging AI to automate key sales processes and streamline reporting and workflow. By automating the hours of manual work involved in these tasks, we can deliver new efficiencies in the business while continuing to execute on growth initiatives.
This adoption of AI-driven efficiencies frees up significant resources, which CrowdStrike can redirect toward growth initiatives. The result? Either accelerated revenue growth, enhanced free cash flow (FCF), or both. This operational leverage complements the ARR recovery and multi-module adoption trends, reinforcing my confidence that CrowdStrike is regaining its footing as an industry leader. If these improvements persist, they could propel the company toward the revenue outperformance I expect—and require—to justify its place in my portfolio.
Retention
In Q4, CrowdStrike’s gross retention rate held steady at an impressive 97%. This is highly encouraging, particularly more than five months after the July incident, as it signals that customers have not lost faith in the CrowdStrike solution. A retention rate this strong reflects enduring trust in the platform’s value, a critical factor for long-term success.
Meanwhile, the dollar-based net retention rate (NRR) came in at 112%, tempered by the influence of customer commitment packages that concluded with Q4. With this program now complete, I’ll be watching closely for a rebound in NRR starting next quarter. An uptick would further confirm that CrowdStrike is not only retaining its customer base but also driving expansion within it—another key indicator of its path back to industry-leading growth.
Beyond the encouraging retention metrics, CrowdStrike’s leadership has leveraged the July incident as a springboard to deepen customer engagement and accelerate platform adoption. CEO George Kurtz elaborated on this strategic pivot during the Q4 earnings discussion, highlighting the role of the Falcon Flex subscription model. He noted,
Falcon Flex is a subscription model that enables customers to adopt the modules they want across their subscription term. This model deeply resonates with prospects and customers as well as our ecosystem partners.
This flexible approach has proven to be a powerful tool, particularly in the wake of the incident.
Kurtz explained how the company responded to the challenge:
Following the summer's incident, we worked with impacted customers to offer them customer commitment packages, CCPs, largely in the form of additional product and Falcon Flex subscriptions. The CCP program was a Falcon Flex accelerant.
Rather than merely mitigating damage, CrowdStrike turned adversity into opportunity by incentivizing customers with tailored offerings. The results speak for themselves. Kurtz shared,
In Q4 alone, we added over $1 billion of total account Flex deal value with accounts that adopted Falcon Flex soaring to $2.5 billion in total deal value, growing 80% quarter-over-quarter and growing more than 10x year-over-year.
This surge in adoption underscores customers’ long-term commitment and has fueled a significant acceleration in Total Contract Value (TCV).
The success of Falcon Flex extends beyond deal signings. Kurtz emphasized,
With more than 60% of Falcon Flex deal value already deployed by customers to date, we are pleased with the deployment stats.
This rapid deployment reflects customers’ eagerness to consolidate on the Falcon platform and adopt additional modules—a trend that aligns with the multi-module uptake seen earlier. He added,
Falcon Flex is a game changer, accelerating module adoption and making it easier and faster than ever before to consolidate on Falcon.
By simplifying and speeding up adoption, Falcon Flex strengthens CrowdStrike’s competitive edge.
As the company moves further from the incident, Kurtz signaled the end of the CCP initiative but underscored its lasting impact:
With the summer now several quarters behind us, we're ending our customer commitment package program. The CCP program was an excellent proactive measure, which not only built our relationship with impacted customers but also resulted in significant platform adoption.
This strategic response not only preserved trust but also positioned CrowdStrike for growth. Kurtz concluded with optimism, stating,
This uptake gives me confidence in our second half net new ARR reacceleration as products are deployed, onetime discounts drop off and contracts are upsized and renewed.
This narrative of turning a setback into a catalyst for growth reinforces my belief in CrowdStrike’s resilience. The combination of high retention, Falcon Flex-driven adoption, and a clear path to ARR reacceleration suggests the company is not just recovering—it’s poised to reclaim its leadership trajectory.
TAM Growth
A growing customer base is more than a vanity metric for CrowdStrike—it’s the engine of a powerful feedback loop that drives superior cybersecurity outcomes and, in turn, attracts even more customers. CEO George Kurtz highlighted this dynamic in his Q4 commentary, tying it to the pivotal role of AI and data. He stated,
Winning the AI war requires the very best data and battle-tested innovation engine.
At CrowdStrike, this begins with its expanding roster of customers, whose adoption of the Falcon platform generates a wealth of security data—data that Kurtz describes as
liquid gold for creating new agentic models for continuously improving protection.
This cycle starts with the platform’s ability to deliver tangible results. Kurtz noted,
For our customers, Falcon has quickly become their AI-native SOC. Charlotte, our generative AI security analyst, is a SOC analyst best friend and already driving tangible AI outcomes.
He cited a specific example:
Across more than 100 Q4 Charlotte AI deals, customers are seeing outcomes, sharing feedback like what we've received from a European financial services firm, which stated Charlotte AI has been very useful for us. It's done summarization of activity on host and users in 10 to 15 seconds, which would have taken us 20 to 30 minutes to do manually.
Such efficiency gains showcase how CrowdStrike turns data into actionable insights, enhancing protection and reinforcing customer trust.
As more customers join and deploy Falcon, the data pool grows, amplifying the platform’s effectiveness.
Moreover, Kurtz explained how AI adoption will benefit Crowdstrike,
More AI everywhere means more data, more access and more processes, services and products requiring cybersecurity.
This influx of data fuels what he calls “cybersecurity's richest data,” curated with
millions of Falcon Complete analysts' annotations, making threat data contextualized and actionable. No one else has this.
The result is a self-reinforcing loop: better data improves AI-driven protection, which attracts more customers, generating yet more data. In Q4, this momentum was evident as
governments and enterprises increasingly turned to CrowdStrike
particularly in threat intelligence, where the company logged its largest quarter ever.
Kurtz also framed this growth within a broader context:
The democratization of destruction, AI in the hands of more adversaries intensifies the market need for CrowdStrike.
As threats escalate—evidenced by “China Nexus adversaries escalating state-sponsored cyber operations by 150%” and attacks in key sectors “soaring up to 300%”—CrowdStrike’s data advantage becomes a differentiator. This positions the company not just to retain customers but to expand its footprint, capitalizing on a market where “point product vendors and those that have failed to deliver open and native single platforms increasingly fall short.” As customer numbers rise, so does the data moat, solidifying CrowdStrike’s path toward industry dominance.
Ready to dive deeper? Unlock all my in-depth analyses and updates—including coverage of LMND 0.00%↑ , HIMS 0.00%↑, RKLB 0.00%↑, ODD 0.00%↑, CRWD 0.00%↑ and DUOL 0.00%↑ —by visiting Lorenzo2cents. Want the latest articles delivered straight to your inbox? Subscribe here and stay ahead of the curve.
Conclusion
The data from CrowdStrike’s latest quarterly report fuels my optimism, though the next three quarters will be pivotal in determining whether the company’s moat has weathered the July incident unscathed. Only then can I confidently assess if the stock has the potential to deliver multi-bagger returns in the short term—a non-negotiable requirement for maintaining a spot in my portfolio.
As always, here is the “Deep Dive To Date” (DDTD), that is how the stock is performing since my initial deep dive. For Crowdstrike stock ($CRWD), the price on October 16th, when I published my analysis, was $304.97. As of this update, the price stands at $357.11, reflecting a
+17% DDTD
Stay tuned for the next update!
Looks like Crowdstrike is making some serious moves! Can't wait to see how this comeback unfolds.