CrowdStrike

What's the realistic margin expansion path from here? They've been guiding toward non-GAAP operating margins in the high 20s but GAAP profitability is still weighed down by massive stock-based compensation. At what point does SBC as a percentage of revenue actually normalize?

CrowdStrike reported fiscal Q1 2025 ARR of approximately $3.65 billion, up 33% year-over-year, with subscription revenue growing 34%. Management reiterated its path to $10 billion ARR but gave slightly softer near-term guidance than the street wanted, citing extended sales cycles in the wake of the July outage.

Falcon platform's module adoption rate is the real story here — customers who start with endpoint detection keep layering on identity protection, cloud workload security, and now Charlotte AI. Every upsell is basically free margin since the underlying infrastructure is already paid for. ARR per customer keeps climbing and I don't see that stopping.

Has anyone dug into how CrowdStrike's Falcon Go and Falcon Pro tiers are performing in the SMB segment compared to enterprise? I'm trying to understand if they have a real mid-market motion or if they're still overwhelmingly dependent on large enterprise and federal contracts.

Palo Alto Networks essentially buying market share by offering free Platformization bundles is a real competitive threat that doesn't get enough attention. If CISOs can get XSIAM and endpoint coverage rolled into a broader network security renewal, some of them will take that deal just to reduce vendor count.

CrowdStrike announced expanded integration with Amazon Web Services at re:Invent, including native deployment of Falcon Cloud Security through the AWS Marketplace and tighter integration with AWS Security Hub. The deal is part of a broader push to capture cloud workload protection spending as enterprises accelerate multi-cloud deployments.

The July 2024 Falcon sensor update outage that bricked millions of Windows machines is going to be a long shadow. Enterprise procurement teams have long memories and I'm already hearing anecdotes about RFPs that now require a second vendor alongside CrowdStrike as a redundancy mandate. That's direct pressure on their consolidation narrative.

CrowdStrike's move into SIEM with Falcon LogScale and the Next-Gen SIEM positioning is smart timing given Splunk being absorbed into Cisco. A lot of Splunk customers are anxious about the Cisco integration roadmap and CrowdStrike is actively going after that displacement opportunity with a cloud-native architecture that Splunk can't easily match.

The incident response and professional services business through CrowdStrike Services is an interesting flywheel that gets overlooked. When a company gets breached they call Mandiant or CrowdStrike, and whoever runs the IR engagement often ends up selling the victim on their monitoring product afterward. It's a lead generation engine disguised as a services business.

Microsoft Defender for Endpoint is good enough for a huge chunk of the market and it comes bundled with E5 licensing that enterprises are already buying. CrowdStrike keeps saying they win on detection efficacy but procurement teams under budget pressure are going to keep asking why they need to pay extra when Defender is already in the stack.

The federal business is an underappreciated piece of the CrowdStrike story. They hold FedRAMP High authorization and are embedded in a significant number of civilian agency and defense contractor environments. That's recurring revenue that almost never churns regardless of what happens in the commercial market.