CrowdStrike and Broadcom Earnings Reviews
Photo by Robynne O / Unsplash

CrowdStrike and Broadcom Earnings Reviews

22 min read

Table of Contents

1. CrowdStrike (CRWD) – Earnings Review

a. CrowdStrike 101

CrowdStrike is a cloud-native endpoint cybersecurity company. It competes directly with SentinelOne, Microsoft Defender and Palo Alto. Its bread-and-butter is called endpoint detection and response (EDR), which replaces legacy anti-virus (AV). Beyond EDR, it offers applications in cloud security, log management, identity, data and so much more. These products form the “Falcon Platform." Falcon’s edge is in its ability to digest near-endless amounts of data to power uplifted and automated breach protection. Scale across a broad range of products means broader, better access to data, which is perpetually recycled to consistently augment Falcon efficacy. All of this is done with a single console and agent, ensuring superior interoperability. This process entails a large base of tools to cross-sell without incremental complexity or CRWD cost. That’s a powerful & structural margin tailwind for this model.

Important Endpoint Security Acronyms:

  • Endpoint detection and response (EDR) provides end-to-end visibility, constant monitoring and full protection of endpoints. It unveils, prioritizes & responds to threats.
  • Managed detection and response (MDR) encompasses CrowdStrike’s team of threat hunters to augment EDR with human touch.
  • Extended detection and response (XDR) is EDR with 3rd-party, non-endpoint data sources infused. This sharpens breach protection and extends it beyond the endpoint.

Important Cloud Security Acronyms (alphabet soup, I know):

  • Cloud Security Posture Management (CSPM) reveals vulnerabilities & misconfigurations.
  • Cloud Infrastructure Entitlement Management (CIEM) indicates who is entering a software environment, if these entrants are allowed and exactly what they can do.
  • Cloud Workload Protection (CWP) is a preventative measure to observe if anything bad is being done by entrants. This sounds the alarm bell to prevent cloud infrastructure attacks. It’s closely related to CSPM and CIEM.
  • Application Security Posture Management (ASPM) facilitates safe cloud app control.
  • Cloud Native Application Protection Platform (CNAPP) is the overall suite tying all of these cloud products together.

AI:

In the realm of GenAI, Charlotte AI is CrowdStrike’s security copilot. It levels up the capabilities of security analysts by actively detecting anomalies, orchestrating remediation and fixing issues in an automated, triaged fashion. It’s a force multiplier for efficiency gains in a world where most companies are starved for more security resources and talent.

  • Charlotte AI Agentic Response automates troubleshooting to expedite breach detection. It monitors lateral threat movement and offers next steps for fixing issues.
  • CrowdStrike sees the explosion of AI agents creating another massive asset class that requires protection. It is quickly building out the product suite with this in mind.
  • Charlotte AI AgentWorks is its no-code agent customization and building environment.
  • Charlotte Agentic SOAR orchestrates agentic workflows in a coordinated and controlled fashion.

CrowdStrike also offers a slew of its own security agents that are “mission ready to deliver machine-speed capabilities and accelerate outcomes.” Agents include automated malware analysis, threat hunting and search tools along with many others. These form its “Agentic Security Workforce.”

There are many more agentic AI products to discuss. To avoid making this 101 section 5+ pages, here is the link to the full Fal.Con 2025 review (section 5). It covers all of the recent AI launches and more.

Important Log Management Ideas & Becoming the Security Operations Center (SOC):

  • Security Operations Center (SOC): Consolidated destination and teams for protecting all company assets. It monitors and defends against adversaries of all kinds. CrowdStrike sometimes serves as the “operating system” or software layer for a firm's own SOC. Sometimes it is the SOC, with that same operating system joining its MDR offering to handle virtually everything for a customer.

CrowdStrike’s ability to ingest, use and recycle high-fidelity security data is vital for every product it offers. This is how it can become the de facto “Security Operations Center,” (SOC) as SOC status requires a holistic view of assets and brings complete hygiene under one vendor. SOC relies heavily on CrowdStrike’s endpoint and data cores. To ensure best usage of this data, Security Information and Event Management (SIEM) aggregates security logs/data so that organizations uncover and remediate threats faster. This is what combines and makes sense of all needed data to enable a single SOC viewpoint with native access to a wonderfully broad suite of integrated modules.

Simply put, this drives faster time to detection and remediation and cuts customer costs. Falcon Fusion Security Orchestration, Automation and Response (SOAR) is what turns this bird’s-eye view into actionable workflows to fix and proactively prevent issues. Finally, its exposure management products ensure proper asset configuration with sound computer hygiene and minimal permissions. Exposure management includes vulnerability management to uncover weak spots while Attack Surface Management aggregates ecosystem entrances to enable protection from a consolidated viewpoint. Tools like Charlotte AI Agentic Response are quickly upgrading these capabilities.

Generally speaking, SOC and its various components enable CrowdStrike to ingest more data, understand its clients more effectively, and recycle data. It then can introduce more and more modules and base that product roadmap on observed pain points, rather than guesses.

Network & Identity Security Expansion:

CrowdStrike offers a unified Falcon Identity security offering, which conjoins existing capabilities and “protects every human and non-human identity across the full lifecycle in any environment.” Specifically, it offers:

  • Network scanning vulnerability help.
  • Privileged Access Management (PAM). PAM guards access to especially sensitive or fragile accounts with a typical minimum permissions framework.
  • Multi-factor authentication (MFA).
  • Falcon Shield provides software as a service (SaaS) posture management and security. It perpetually monitors applications and their users to prevent impermissible access and guard against identity-based data theft.

Falcon Flex:

Falcon Flex is CrowdStrike’s selling program which bolsters customer “flex”ibility over product purchases. It allows clients to pay for only the modules they need, as they need them. There are no pre-set commitments and no mandated usage; they can run through credits at their leisure. This will be the firm’s main go-to-market strategy going forward, as it has shown to lower cross-selling friction, raise deal size and create stickier customers. With this, customers can use exactly what they want, when they want, which reduces selling friction and reduces procurement cycle. 

July 2024 Outage Impact Reminder:

As a reminder, CRWD created “Customer Commitment Packages” (CCPs) in response to its 2024 outage. These offer temporary discounts, trials and/or comped professional services help. Customers have mainly chosen free product trials, which is what CRWD wanted (larger contracts post CCP expiry). CCPs mostly end after next quarter, with concessions leading to temporary growth and margin headwinds still prevalent in this quarterly report.

b. Key Points

  • Strong momentum for its identity, SIEM, and cloud security growth vectors. 
  • They're confident in AI accelerating the business and being ideally positioned to take advantage of this wave. 
  • Margins are again moving in the right direction post outage. They expect a 30% FCF margin for next year. 

c. Demand

  • Beat revenue estimates by 0.9% & beat guidance by 1.2%.
    • 24.5% 2-yr revenue CAGR vs. 25.1% Q/Q & 26.5% 2 quarters ago.
  • Beat net new ARR estimates by 9.5%. Beat ARR estimate by 0.5%.
  • CrowdStrike is the fastest pure play cybersecurity firm ever to reach $5.25B in ARR. 
  • FY 2026 was CrowdStrike’s first year of crossing $1B in that new ARR. 
    • Demand continues to be supported by a 273% return on investment per Forrester Consulting. 
  • For the full year ARR rose by 24%, and that new ARR rose by 25%. 
  • The demand pipeline grew by 49% Y/Y. 
  • CrowdStrike entered a Memorandum of Understanding to provide services to Saudi Arabia's Aramco. 
  • Net revenue retention rate was 115% vs. 114% Q/Q and 111% 2 quarters ago.

d. Profits & Margins

  • Beat EBIT estimate by 2.7% & beat guidance by 2.7%.
    • EBIT margin for the year was 22%, FCF margin for the year was 26%. 
  • Beat $1.10 EPS estimate by $0.02.
  • Beat FCF estimates by 7.2%.
  • GPM expansion was powered by cloud cost optimization.

e. Balance Sheet 

  • $5.23B in cash & equivalents.
  • $745M debt. 
  • 4.5% Y/Y dilution.

f. Guidance & Valuation

  • Annual revenue guide beat estimates by 0.5%.
    • This represents 23.5% ARR growth for the year and 22.5% net new ARR growth for the year, both better than expected. 22.5% net new ARR growth is also better than the 20%+ guidance it offered last quarter, despite now growing from a higher base for FY 2027. 
  • Annual EBIT guide beat estimates by 1.8%.
  • Annual $4.84 EPS guide beat estimates by $0.04.
  • Annual ARR guide beat estimates by 1.3%.
  • Annual FCF margin guidance came in at 30%, implying FCF dollar guidance slightly ahead of expectations.
  • Q1 guide ahead on demand & light on profit.

Guidance includes Seraphic and SGNL M&A, which will boost ARR and revenue by $6.5M and $4M respectively. That's not material based on the size of this business (about 0.1%). These two acquisitions, alongside Onum and Pangaea purchases, lowered EBIT guidance by $77M and EPS guidance by $0.315. On the other hand, CrowdStrike elongated the timeline for sales commission amortization from four years to five years. Similarly to extending the useful life of a GPU for a company like Meta, this boosts profitability. That added $90M to annual EBIT guidance and $0.275 to annual EPS guidance. Excluding all of this, the revenue and ARR beats would have been the same. The EBIT beat would have been slightly smaller, and the EPS beat would have been slightly larger. 

At $405/share, CrowdStrike trades for 97x forward earnings and 70x FCF. EPS is expected to grow by 30% this year and by 27.5% next year. Free cash flow is expected to grow by 47% this year and by 29% next year. 

g. Call & Release