The content of this analysis is for entertainment and informational purposes only and should not be considered financial or investment advice. Please conduct your own thorough research and due diligence before making any investment decisions and consult with a professional if needed.

As expected, the CRWD 0.00%↑ Q3 earnings began reflecting the impact of the July incident.

As evident from the quarterly net new ARR history, there is a clear trend of increasing Net New ARR from Q1 to Q4 of each calendar year—a pattern that was abruptly disrupted in Q3 2024.

If you haven't read my original deep dive on Crowdstrike, I recommend doing so before reviewing this update. It's essential reading for a thorough understanding of the company.

Crowdstrike Deep Dive

The July 19 incident resulted in near-term headwinds to net new ARR as we experienced extended sales cycles with both existing and prospective customers and onetime incentives offered through our customer commitment packages, which resulted in increased contraction and muted upsell rates

explained Burt Podbere, CFO of CrowdStrike.

He further elaborated that sales cycles for enterprise accounts lengthened by approximately 15% year-over-year, and the company estimates that customer commitment packages reduced net new ARR by approximately $25 million in Q3. Notably, most of the deal value closed during the quarter under these packages included additional products or Flex dollars, rather than extended terms or professional services.

Free cash flow also declined, decreasing by 1.9% year-over-year, influenced by the incident, as well as by planned investments in data center and workload optimization, research and development, and sales and marketing.

According to the CFO, these headwinds are expected to persist in Q4 and may even intensify compared to Q3, with customer commitment packages projected to impact both net new ARR and subscription revenue by approximately $30 million in Q4.

I think we're still going to see extended sales cycles for both new and existing customers. I think customers have additional scrutiny, additional layers of approvals, all that sort of thing.

And I think we're going to continue to deploy customer commitment packages. This is going to result in muted upsell rates and potentially higher-than-typical levels of contraction.

While this impact was anticipated and is expected to persist until Q2 2025 (with management projecting a reacceleration of net new ARR in the second half of the year), a fundamental question remains: have competitors taken advantage of CrowdStrike's weakness, leading to a potential loss of market share?

To address this, let’s analyze the Q3 performance of SentinelOne.

Net New ARR grew by over 20% sequentially, significantly outperforming typical third-quarter seasonality, and notably accelerated by 4% year-over-year. While this result is not particularly remarkable and does not necessarily indicate that SentinelOne has gained CrowdStrike's customers, it does underscore CrowdStrike's ongoing challenges in recovering from the July incident.

Further supporting this narrative, the following revenue growth chart highlights how both Fortinet and Palo Alto experienced a reacceleration in revenue growth during Q3.

Now, let’s turn to the good news.

Share

Falcon customers are staying with CrowdStrike as their trusted cybersecurity platform of choice

said George Kurtz, CEO and founder of Crowdstrike.

Q3 gross retention was over 97%, down less than 0.5 percentage point. Strength in retention was driven by the value that customers receive from the Falcon platform.

This metric will be crucial to monitor in the upcoming Q4 earnings release, as this quarter typically sees the highest volume of contract renewals. If the gross retention rate holds steady at this level, it will be a strong indicator that customers are not churning.

On a positive note, the success of customer commitment packages and the adoption of Falcon Flex could serve as a leading indicator for improvements in both gross and net retention. The more modules customers adopt, the stickier the Falcon platform is likely to become. And this was confirmed by Burt Podbere:

Our customer commitment packages are helping fuel an increase in platform and module adoption. Subscription customers with 5, 6, and 7 or more modules grew to 66%, 47% and 31% of subscription customers, respectively. Notably, we reached a new milestone for module adoption in the quarter as customers with 8 or more modules grew to 20% of subscription customers. This momentum in increased module adoption, and our Falcon Flex program gives us confidence in our customer commitment strategy and ability to reaccelerate net new ARR growth starting in the back half of fiscal year 2026.

My takeaway from the earnings call is that CrowdStrike remains highly regarded as the leading cybersecurity platform. Customers are staying loyal, and new customers are still coming on board, despite longer sales cycles and slower new logos wins due to increased scrutiny and a temporary setback in pipeline generation following the incident. Q4 earnings are expected to mirror Q3, with management guiding for a modest year-over-year growth rate of 22%.

For now, I’m holding my position, optimistic that the worst may already be behind us by the first quarter of the new year. I also believe management is being cautious in projecting growth reacceleration only in the second half of FY2026 (calendar year 2025).

From now on, for the companies I have analyzed in depth & disclosed a personal position in, I will introduce a new metric to track their stock performance since my initial deep dive. I have named this index “Deep Dive To Date” (DDTD). This metric will serve as a tool for both myself and my followers to reflect on and learn from my successes and mistakes.

For Crowdstrike stock ($CRWD), the price on October 16th, when I published my analysis, was $304.97. As of this update, the price stands at $365.65, reflecting a

+19.9% DDTD

See you in the next update!