During the build-up to its December 2 earnings event, CrowdStrike Holdings (CRWD) had to deliver more than a routine “beat and raise” in its third-quarter (Q3 FY26) earnings report to justify its premium valuation. As I’ve opined previously, the cybersecurity leader needed to hit $1.23 billion in revenue and prove that its new procurement model, the Falcon Flex, is gaining traction. Until then, I was content to stay on the sidelines. CrowdStrike’s latest earnings installment provides significant backing for an upgrade from a Hold to a Buy rating. CrowdStrike’s Q3 FY26 earnings report, released on December 2, met high bars and cleared mine with authority.
TipRanks Cyber Monday Sale
- Claim 60% off TipRanks Premium for data-backed insights and research tools you need to invest with confidence.
- Subscribe to TipRanks' Smart Investor Picks and see our data in action through our high-performing model portfolio - now also 60% off
CrowdStrike reported precisely $1.23 billion in revenue (up 22% YoY), matching an earlier target identified as the threshold for a bullish reversal. Its diluted earnings per share (EPS) of $0.96 beat market expectations.
More importantly, the company shattered a bear case regarding the July 2024 outage. With Net New Annual Recurring Revenue (ARR) accelerating 73% year-over-year to a record $265 million, the verdict is in: customers are not leaving. In fact, they are consolidating their cybersecurity spend onto the Falcon platform at a record pace.
The data confirms that CrowdStrike has successfully pivoted from damage control back to platform expansion. I am upgrading my rating from Hold to Buy, and explaining why the “Flex Factor” changes the long-term thesis for this stock.
The ‘Flex Factor’ is Real, and It’s Accelerating
In a pre-earnings analysis, Falcon Flex was identifiable as a critical friction-reducer that could unlock broader enterprise spending. Falcon Flex is the company’s new procurement model that aims to unlock broader enterprise spending and accelerate adoption across CrowdStrike’s expanding suite of non-endpoint security offerings. The company’s Q3 numbers prove Flex has become a fundamental revenue growth driver as enterprises buy security in 2025.
Falcon Flex generated $1.35 billion in deal value during the past quarter, growing over 200% year-over-year. This model allows customers to commit to a total spend amount and “draw down” that balance across any chosen module, eliminating the need for separate contracts for every new tool.
The most telling metric from the Q3 earnings call was the “Re-Flex” rate. Management noted that the number of Re-Flex accounts (customers renewing and expanding their Flex agreements) more than doubled quarter-over-quarter. Even more striking, 10 major customers expanded their Flex consumption by 2x or more this past quarter. A CrowdStrike platform stickiness thesis is hereby confirmed.
Once a customer is on the Flex model, it becomes effortless for them to test and deploy new modules. Customers are consolidating onto CrowdStrike to simplify their operations, instead of switching to potentially cheaper competitors. Palo Alto Networks (PANW) and Microsoft (MSFT) best come to mind. The “land and expand” strategy has become frictionless, and the company could be in the early innings of a favorable shift in procurement.
CrowdStrike’s ‘Sleeper Engines’ Are No Longer Sleeping
CrowdStrike has been viewed primarily as an endpoint security company (protecting laptops and servers) for years. That narrative is now outdated. My pre-earnings thesis pointed to “sleeper engines,” specifically Identity Protection, Cloud Security, and LogScale (Next-Gen SIEM), as the keys to sustaining CRWD stock’s hyper-growth. SIEM stands for Security Information and Event Management.
Latest Q3 earnings results emphatically validate this view. As of Q2, the combined annual recurring revenue (ARR) for Cloud, Identity, and LogScale now exceeds $1.56 billion, growing at over 40% year-over-year. Management confirmed accelerated growth in Q3. These ’emerging’ businesses within CrowdStrike are now larger than many standalone public cybersecurity companies.
Identity protection continues to see rapid adoption as attackers shift from malware to credential theft, while LogScale (Next-Gen SIEM) was a standout performer, with management confirming a record quarter for Net New ARR in the SIEM category. Enterprises are ripping out legacy, expensive SIEM providers and moving to CrowdStrike’s faster, cheaper alternative.
Also worth noting is that broader revenue diversification reduces CRWD stock’s risk profile. CrowdStrike is growing from an endpoint security play into the operating system of enterprise security. A recent 40% annual growth rate in these pillars suggests the company has a massive runway ahead in these adjacent markets (even if endpoint growth naturally matures).
The 2024 Outage Still in the Mix
The elephant in the room heading into this report was the lingering impact of the July 2024 outage. Reputational damage naturally leads to higher churn and slower new-business wins. But the latest data is proving this natural phenomenon wrong, at least for CrowdStrike.
You simply can’t achieve a 73% acceleration in Net New ARR if customers are fleeing. The record $265 million in Net New ARR in the Q3 report should be the definitive proof that CrowdStrike’s trust deficit has potentially closed in 2025.
Furthermore, the company has maintained strong cash flow generation capacity throughout the trying period. Despite the “customer commitment packages” (discounts and incentives offered post-outage), which are a drag on margins, CrowdStrike delivered a record $296 million in Free Cash Flow, representing a healthy 24% margin. Management apologized to customers through incentives without breaking the bank.
CRWD’s Legal Overhang and a Steep Valuation
Two specific risks warrant caution for any investor building a new position in CrowdStrike stock today.
Firstly, the Delta Air Lines (DAL) lawsuit regarding the July outage is proceeding. While the airliner could face hundreds of millions in damages, the legal process could be noisy, and surprises could emerge in 2026 or later, causing volatility shocks to CRWD stock.
Secondly, CrowdStrike stock is still priced for perfection. Even after a post-earnings stabilization, CRWD trades at approximately 28x forward sales, or more than three times its industry’s sales multiple of 6.9x. At its current valuation, the market is pricing in flawless execution for years to come. There is no margin of safety for a “miss” over the next several quarters. If the macro economy falters or if IT spending tightens in 2026, CrowdStrike’s stock could suffer a multiple compression even if the company continues to perform well operationally.
My Buy rating at this point acknowledges the growth stock’s quality, which commands a premium. However, position sizing should reflect valuation and legal risks.
Is CrowdStrike Stock a Buy?
CrowdStrike Holdings stock commands a Moderate Buy rating on Wall Street based on 38 analysts who released 26 Buys, 11 Holds, and 1 Sell rating on CRWD stock during the past three months. The average analyst price target of $562.75 implies almost 10% upside over the next twelve months.
CrowdStrike Turns the Corner with Engines Revving
In November, I concluded that CrowdStrike needed to prove it had turned the corner. I can safely say the firm has delivered. The company hit targets required to satisfy the bulls, delivered a 73% acceleration in Net New ARR, burying the “churn” narrative, and with Falcon Flex driving over $1.35 billion in deal value, the company has established a powerful mechanism for future revenue, earnings, and cash flow growth.
New investors are investing in a cybersecurity platform consolidation winner that is firing on multiple cylinders. While the July 2024 incident-related lawsuits and a sky-high valuation demand a watchful eye, the business’s momentum is too strong to ignore, and an upgrade to Buy seems befitting, targeting growth-oriented investors building a long-term retirement portfolio.