MMI News

MMI News

Anxitea

蒼蛍里💎⚔️(あおいほとり)

竜のしっぽ布施店

𝙍𝙐𝙄𝙎 🇺🇸

𝙍𝙐𝙄𝙎 🇺🇸

アトラス(๑╹ω╹๑ )

Diego bolso

PADRIKTINHO 🇧🇷🩵🐉

ブックオフ307号枚方池之宮店トレカ専用アカウント

Manny

Eugene Ng

Eugene Ng

@EugeneNg

3 Dec 2025

CrowdStrike $CRWD 3Q26 Earnings - Rev $1.2b 22% ↗️🟢 - GP $926m 23% ↗️🟢 margin 75% 31 bps ✅ - NG EBIT $265m 32% ↗️🟢 margin 21% 157 bps ✅ - EBIT -$69m ↘️🔴margin -6% -11 bps ↘️🔴 - NG Net Inc $245m 29% ↗️🟢 margin 20% 98 bps ✅ - Net Inc -$34m ↘️🔴margin -3% -109 bps ↘️🔴 - OCF $398m 22% ↗️🟢 margin 32% -8 bps ↘️🔴 - FCF $296m 28% ↗️🟢 margin 24% 115 bps ✅ Biz Metrics - ARR $4.9b 23% ↗️ - RPO $7.9b 46% ↗️🟢 - 6, 7, 8 modules 49%, 34%, 23% 📶✅ Revenue by Geography - US $827m 21% ↗️🟢 - EMEA $198m 24% ↗️🟢 - APAC $128m 24% ↗️🟢 - Other $82m 29% ↗️🟢 Mgmt Guide - 4Q26 Rev $1.3b 23% ↗️🟢 - 4Q26 NG EBIT $262m - 4Q26 NG Net Income $243m - FY26 Rev $4.81b 22% ↗️🟢 (same) - FY26 NG EBIT $1.0b (same) - FY26 NG Net Income $954m (same) - LT GPM 82-85% - LT FCF margins 34-38% 1 | Solid quarter with continuing reacceleration I'm excited to share CrowdStrike's fantastic Q3. It was a record quarter as the business continued accelerating. On the back of record attendance at Fal.Con Global and Fal.Con Europe 2025, the momentum we're seeing with customers, prospects and partners drives my conviction in our near-term and long-term growth. Last quarter, Q2, we delivered our forecasted reacceleration a quarter early. We delivered an exceptional third quarter driven by organic growth, exceeding expectations across all guided metrics. We achieved record Q3 net new ARR of $265 million, exceeding our expectations by double-digit millions and more than 10 percentage points. Net new ARR growth accelerated to 73% year-over-year and ending ARR reached $4.92 billion, accelerating to 23% growth over last year. 2 | Saw broad-based ending ARR acceleration across cloud, Next-Gen Identity and Next-Gen SIEM and in endpoint, Flex growing rapidly broad-based ending ARR acceleration across cloud, Next-Gen Identity and Next-Gen SIEM collectively as well as acceleration in our endpoint business; and six, more than $1.35 billion in ending ARR from accounts that have adopted the Falcon Flex subscription model, growing more than 200% YoY. 3 | AI is rapidly expanding the attack surface especially with agents One, AI is rapidly expanding the attack surface. Businesses are onboarding a whole new type of workforce today, the agentic workforce, humans using agents to do more and agents working by themselves, each with access to data, applications, compute and sometimes even other agents. While the benefits of this newfound workforce are exciting and increasingly vital for market competitiveness, the rapidly expanding risk profile of this realm cannot be ignored. Every single agent expands the attack surface, necessitating protection. 4 | CrowdStrike is the armour and mission-critical in today’s agentic era and in cybersecurity CrowdStrike is both the armor and intelligence layer that keeps each agentic identity secure. The intelligence layer, providing visibility and context to organizations from agentic threats and risks, and the armor protecting agents from attacks, influence, exfiltration and data manipulation. Underpinning these financial highlights is the CISO, CIO and Board feedback I regularly hear. CrowdStrike is mission-critical in today's agentic society. No matter how the market swings, geopolitical tensions evolve or what technologies are in vogue, our digital society mandates cybersecurity as a necessity. And now more than ever, synonymous with that, CrowdStrike is a necessity. Our growth is driven by pervasive, durable and thematic market forces. 5 | Cybersecurity in the agentic era demands a single platform, not multiple platforms Three, cybersecurity in the agentic era demands a single platform. The criticality in being able to operate with agility, efficacy and speed to stop breaches is having the data, the controls and the actions in a single platform, not multiple platforms because when you have multiple platforms, by definition, you don't have a platform. Tab switching and contact switching cost time, data stitching doesn't scale. These are the seams and cracks where adversaries thrive. The leaky lifeboat of PowerPoint platforms and point product fragments simply cannot offer the protection, scalability and cost benefits or the ease of use of a single platform solution. 6 | CrowdStrike wins with the broadest single platform solution CrowdStrike wins as the market's broadest and only single platform solution. One, we've built the right architecture, a single console, single data backend, single sensor, agentic hyperscale platform that is frictionless and one of a kind in cybersecurity; two, it's the right time with the rapid growth of AI agents raising the threat risk profile and driving a holistic technology shift; and three, we're in the right position. 7 | Investing heavily into Next-Gen SIEM, post the acquisition of Onum to build a hyper scalable telemetry detection pipeline that brings CrowdStrike even closer to all of its customers' critical data Next-Gen SIEM has become a scale disruptor in a market that has historically been slow to evolve as customers embrace the speed and efficiency advantages versus legacy competitors. And with the acquisition of Onum, we're making it even easier to build on CrowdStrike with a hyper scalable telemetry detection pipeline that brings CrowdStrike even closer to all our customers' critical data. Falcon Next-Gen SIEM had a record net new ARR quarter, a clear outcome of the deliberate strategic choices we've made over the past several years. We know that the value of the technology is only as good as the platform on which it's delivered. So we invested heavily in integrating Next-Gen SIEM to create a unified single platform. 8 | CrowdStrike is well poised to replace legacy SIEM because they already have the EDR data in their platform, which isn the stickiest, and using Flex to lock them in if you look at the journey that we've been on and how we've been able to replace legacy AV, it feels a lot like that market in the early days when we think about replacing legacy SIEM, customers are looking for better outcomes. They're looking for faster results, and they're looking for lower cost. And because we already have the EDR data in the platform, we can offer disruptive pricing versus our competitors. The most -- the stickiest data that's out there is the EDR data, we already have it. And really, what it becomes is a journey to activate Next-Gen SIEM for our customers. So when we think about the opportunity to work with customers and how we get in and the opportunity going forward, keep in mind, all of our customers are Next-Gen SIM enabled, all of our customers are Next-Gen SIM enabled. It's a huge difference between us and everyone else in the marketplace. And all we need to do is go through the licensing exercise, and Flex is helping to accelerate that. So we can offer competitive disruptive pricing and then overall grow our total wallet share with the customer over time. So it's a multiyear long-tail journey that feels very similar to the displacement of legacy AV. 9 | Expanded partnership with AWS to enable access to Falcon Next-Gen SIEM Furthering our position as the operating system of cybersecurity, we recently announced our expanded partnership with AWS. Through this announcement, all of AWS's millions of customers will have access to Falcon Next-Gen SIEM natively within their AWS security console, enabling them to immediately access, interact with and analyze AWS telemetry directly in Next-Gen SIEM. Going a step further, we've also enabled federated search so that AWS customers can query their data from a single console. We're incredibly excited about what the future holds and thank AWS for both our amazing partnership and for their validation of Falcon Next-Gen SIEM as the best choice for their customers. 10 | More important, CrowdStrike’s Falcon Next-Gen SIEM as the default SIEM for all AWS customers in their Security Hub console, which CRWD seeks to convert and upsell Next-Gen SIEM usage into Flex subscriptions AWS selected Falcon Next-Gen SIEM as the default SIEM for all their customers offered in their Security Hub console. This brings Falcon Next-Gen SIEM with prepopulated AWS data to millions of AWS customers in a product-led growth motion. Our intent is to convert Next-Gen SIEM usage into Flex subscriptions as more accounts experience the power, speed and actionability of their AWS data, CrowdStrike data and other third-party data in Next-Gen SIEM. Our Next-Gen SIEM helps AWS fill a critical market gap, now competing with other hyperscaler SIEMs and doing so with Falcon. Our Next-Gen SIEM delivers value for AWS customers, even those who don't yet use Falcon because we've become a federated, prepopulated and affordable security data lake for observability, triage and threat hunting. 11 | See observation as a consolidation opportunity as they have the telemetry technology from Humio which became LogScale for observability Well, we do view it as a consolidation opportunity. And I'll remind everyone on the call that when we acquired Humio, which became LogScale, 50% of their business was actually in observability. So we have all of the technology. And in fact, because the platform is collecting so much data and so much telemetry, we have customers today that are using it for observability use cases. You combine that with our agent technology, which does deep inspection within its platform. And we have data that goes well beyond security data that is already being consumed by customers. And then you combine that with Onum, the pipelining technology, the data fabric, which again has the ability to take IT data. And we have a fantastic opportunity in front of us to consolidate in those areas, which, again, this is nothing new to us, we've actually been doing this. And this has been part of our selling motion as well as what customers are embracing. So it's already there, and there's certainly more that we can do and certainly more we will do. 12 | CrowdStrike replaced Splunk in a large 8-figure renewal A large European bank renewed their more than 500,000 workload EDR deployment, adding Next-Gen SIEM, Onum and Charlotte in a large 8-figure expansion deal. With our acquisition of Onum, this financial institution was able to eliminate their existing streaming pipeline point product as well as migrate off Splunk. 13 | Falcon Shield growing very strongly, securing SaaS app misuse from human and nonhuman identities, deliver near immediate value to land new logo accounts Our identity business continues to perform exceptionally well. While the demand for our ITDR offering has increased, it's the launch of both our PAM and Falcon Shield offerings that has our customers increasingly excited. Falcon Shield had a record net new ARR quarter, growing nearly 50% sequentially as market demand for SaaS application security has become a mainstream necessity, securing SaaS app misuse from human and nonhuman identities has never been more important or challenging. A Fortune 500 logistics company used Falcon Shield to uncover exfiltrated CRM data in less than 30 minutes from deployment, resulting in a 7-figure deal. Falcon Shield delivers near immediate time to value and is a product that we can land new logo accounts with even without endpoint deployments. 14 | CrowdStrike is the cloud runtime security leader, active defense can only be delivered in runtime Security teams now understand that they need active defense within their cloud environments, and this can only be delivered in runtime. CrowdStrike is the cloud runtime security leader as validated by the most recent Frost & Sullivan CWP report. And with our recent acquisition of Pangea, we're now positioned to protect the entirety of our customers' AI infrastructure. 15 | CrowdStrike replaced Wiz in numerous deals A Fortune 500 consumer packaged goods company grew their Falcon deployment with Falcon Cloud Security in a 7-figure expansion deal. This customer took the opportunity to displace Wiz, bringing their cloud security program to Falcon for the benefit of our consolidated CSPM, ASPM, CIEM and CDR approach. The outcome delivered is single platform management, better visibility and the ability to stop cloud breaches versus simply alerting on them. This was just one of multiple Wiz replacements. 16 | Flex is making it easier for customers to buy more, and to deploy more products, in return bigger and longer deals So the way I think about this is our Flex licensing, it's continuous. Net ARR will be continuous throughout time. And the beauty of this whole program is that it's designed for customers to easily buy more. So over time, we're excited about the opportunity as we bring more products to market and offer more availability to our customers easily. And I think that's the biggest piece that everybody on the call should just remember is that, that's exactly what Flex was designed to do, make it easier for customers to buy, make it very easier for us to be able to deploy and be able to give value and lower TCO. That's how we think about it. And the benefit is that we're seeing bigger deals and longer deals. And that's all good for us, and it's great for the customers. 17 | Falcon Flex is driving higher utilization and module adoption, in turn higher stickiness with its higher flexibility, and are re-Flexing more, consolidation drives growing customer stickiness Frequently imitated but never duplicated, Falcon Flex makes it easier than ever for our customers to experience the full power of the Falcon platform without procurement friction. The Flex model cultivates more platform utilization, accelerating module adoption. Falcon Flex is an unlock, not an ELA. Flex customer ending account ARR more than tripled year-over-year. But what has us even more excited is the momentum we're seeing in re-Flex activity. The number of re-Flex accounts more than doubled quarter-over-quarter to more than 200 with 10 customers re-Flexing more than 2x their initial Flex subscription. This demonstrates that Flex customers can and do increase their ARR and TCV spend with CrowdStrike, which is contrary to the ELA model, where all the economic value is realized once upfront. And I think the most important thing is and not get lost in things I've just said is consolidation. We started this company talking about consolidation, the ability for customers to do more with us, spend more with us and lower their total TCO but spending more with us. So I think that's the biggest point that I want to drive home. 18 | There is always some discounting in enterprise SaaS, but prudent, have different tools to protect the price point, and have been able to protect gross margins thus far Sure. Well, I think when you look at this market and you look at, say, enterprise sales, I mean, there's always some level of discounting. That's not unique to us. It's not unique to security, and it's not unique to software companies. It just happens as a normal course of business. And I think we've been very prudent in how we operate in those areas. And we've tried to focus on things like CCP, which again, allow customers to take new technologies in, but protect the price point and allow us to basically capture them in a flex opportunity. So we're going to use the tools available to us to be competitive. We continue to take share. We continue to drive new customer business. And we don't see anything out of normal course of business, but we've got various tools in our toolbox, and we tend to use those judiciously and again, where it makes sense for us and for the customer, and that just drives the growth that you've seen. And I'll also point out the 81% gross margin, like you have to look at the margin as well. And we've been able to be successful, and we've been able to protect the margin. 19 | Will only disclose gross and net retention rates every Q4 going forward Actually, let me take the last part of your question first. So basically, we are going to be giving out dollar-based net retention and gross retention rates at the end of the year. So that's what we've talked about, and we will do that, Tal at, the end of Q4. So -- and we do it every Q4. So I think you'll be -- you'll get that information. 20 | EY is doing extremely well as their leading global channel partner In addition, EY brought us into a Fortune 500 health care account, where in just a few months, we were able to modernize the endpoint, cloud and SIEM environments, an 8-figure end-to-end Flex expansion deal where we displaced 2 SIEMs, Defender for endpoint and a point cloud security product. EY is migrating accounts for which they own and operate multiple legacy SIEM technologies, consolidating on CrowdStrike. Additionally, EY is a leading global partner of ours for Next-Gen SIEM implementations, taking numerous Fortune 500 accounts through the journey from legacy SIEM to Next-Gen SIEM migration. 21 | Deloitte, GSI community, Wipro are now catching up and embracing CrowdStrike Deloitte announced Next-Gen SIEM in their MXDR practice, replacing their legacy SIEM provider. And Wipro, too, has standardized security delivery and incident response on Falcon. The GSI community is quickly seizing the SIEM and SOC transformation opportunity that only our single platform provides. The ecosystem embrace of partner-led services on Falcon is correlated to the opportunity we represent. 22 | New MSSP partnership with Kroll when it is now using Falcon instead of a point product EDR Lastly, I want to share a noteworthy MSSP partnership, which we've announced today with Kroll, a leading mid-market professional services firm. Kroll's cybersecurity division performs thousands of incident response engagements yearly for mid-market firms around the world, largely from their cyber insurance panel inclusion. Kroll had been using a point product EDR in their incident response and managed detection and response business. Now Kroll exclusively uses Falcon. And in an almost 8-figure rip-and-replace transaction, Kroll is migrating nearly 0.5 million endpoints to Falcon, which were previously running on a point product SMB EDR and up-leveling their own MDR service with Falcon Complete for service providers with our Falcon Complete team becoming the SOC for Kroll. 23 | CrowdStrike is strong regardless in big deals in enterprise, small deals in SMB, or with MSSP in partner channel sales Now with respect to breaking out how we think about our business, whether it's enterprise or SMB or MSSP, the great news about our business is that we sell all of it. We're successful with all of it. We're successful with small deals. We're successful with large enterprise deals. And for us, we have that great technology that it's the same. It's the same technology for if you're a 5-person shop or you're the largest company in the world. And the beauty of how we're able to deliver our technology is that it's up and running in seconds. 24 | Will be opportunistic with respect to acquisitions, integration is crucial, will remain highly strategic as to what they will buy The great news is we've got a tremendous balance sheet. We're in a fantastic position to be able to build or buy or partner. And I think we've been very thoughtful about our acquisitions. And a big part of our strategy has been the integration. When you look at Pangea, we're really starting to sell that in Q4 because we wanted to take the time and effort to integrate it. It's not just kind of stitch together. The single platform, which I talked about, is very important to our customers. So we're going to continue to be thoughtful. We're going to continue to buy what we perceive as best-of-breed in the market, not legacy technologies. We're going to integrate them, which is part of our customer brand promise. And we're going to continue to grow them within our sales motion and the channel that we built. So we'll be opportunistic, but we'll also be very strategic in what we buy. 25 | Still have massive market opportunity, 50% of the market is still legacy AV, long runway in endpoint business to take legacy market share Now with the adoption of this, this isn't AI creation, it's AI adoption. And that, I believe, is going to be a massive market opportunity for us. So that's where we see that. And overall, as I always say, 50% of the market is still legacy AV, and there's still a long runway in the endpoint business to be able to take that legacy market share. 26 | CrowdStrike is the best cybersecurity defender out there, and is back, accelerating its growth, winning and stopping breaches We're not selling products. We're delivering outcomes, introducing the world to a whole new way of performing cybersecurity and risk management. In closing, this was one of our very best quarters in company history. Acceleration is back. We're winning and we're living the company's mission of stopping breaches. AI represents our largest opportunity and demand driver yet. We're using AI to revolutionize cybersecurity. And even larger, we're securing the world's use of AI, so businesses of all sizes can adopt more AI faster, securely and with confidence. The takeaway is this, AI adoption necessitates the right cybersecurity. It necessitates CrowdStrike. Jensen Huang summed up our market position best saying, "I can't imagine a better defender than CrowdStrike," on the stage at NVIDIA GTC in Washington, D.C. ➡️ Final Takeaways CrowdStrike $CRWD: Crowdstrike’s growth continues to hold up strongly with strong growth reacceleration, as it continue to displace legacy AV, supported by numerous opportunities to add cloud, Next-Gen Identity and Next-Gen SIEM and in endpoint as it increasingly consolidates cybersecurity under one single platform. Flex is doing especially well, with the higher flexibility, driving for higher module adoption, usage, larger and longer deals, and more customer stickiness. All of which point to sustained continued growth.

2,205