The cybersecurity landscape is shifting, and with it, how organizations procure the defenses they need. CrowdStrike, a leading player in the field, is responding with a significant expansion of its flexible licensing model, dubbed “Flex,” to now encompass its full suite of expert-led security services. This move, announced March 24, 2026, at RSA Conference in San Francisco, aims to address the growing skills gap and cost pressures facing security teams even as aligning services more closely with evolving real-time risks.
Traditionally, cybersecurity services have been purchased in fixed engagements, often requiring upfront commitments and potentially leaving organizations with unused hours or scrambling for additional support as threats change. CrowdStrike’s Flex for Services breaks from this model, offering a consumption-based approach where organizations access a flexible pool of service hours applicable to a range of needs – from threat hunting and incident response to AI advisory and red teaming. This shift, according to CrowdStrike, reflects a broader trend in cybersecurity procurement driven by the rise of AI and the increasing complexity of the threat landscape.
A New Model for a Changing Threat Environment
The move to a more flexible model isn’t happening in a vacuum. The proliferation of AI-driven threats, coupled with a persistent shortage of skilled cybersecurity professionals, is forcing organizations to rethink their security strategies. “As AI-driven threats accelerate and security teams face growing skills and cost pressures, traditional services models based on fixed engagements can’t keep pace,” CrowdStrike explained in its announcement. The company reports a $1.69 billion ending ARR cohort of Flex account value in Q4 FY26, representing growth of over 120 percent year-over-year, signaling strong market demand for this type of subscription-based approach. This growth underscores a broader industry trend toward prioritizing agility and outcome-based security solutions.
What Flex for Services Offers
Flex for Services operates independently of existing Falcon platform subscriptions, making it accessible to a wider range of organizations. The offering extends the benefits of the Falcon Flex model – which prioritizes consumption based on actual need – to CrowdStrike’s entire portfolio of expert-led services. This includes proactive services like readiness assessments and AI advisory, as well as reactive capabilities such as incident response and threat hunting. Organizations can now tap into CrowdStrike’s expertise as needed, aligning security spending with their current risk profile.
To further incentivize adoption, CrowdStrike is introducing the “Zero Dollar Flex Fund.” For a limited time, qualifying new services customers will receive 200 hours of elite CrowdStrike Services – 160 hours dedicated to incident response and 40 hours for proactive measures – with no upfront initiation costs. This initiative is designed to lower the barrier to entry and allow organizations to experience the benefits of CrowdStrike’s services firsthand.
Benefits for Partners and the Ecosystem
CrowdStrike isn’t just focusing on direct customer benefits. Flex for Services is also intended to empower its partner network, including system integrators, managed service providers, and incident response firms. “Flex for Services unlocks new growth for CrowdStrike’s global ecosystem,” the company stated. By extending the flexible consumption model to customers, partners can better align services with risk, scale delivery more efficiently, and foster repeatable business growth. Robb Mayeski, global head of CrowdStrike Services at Kroll, emphasized the collaborative nature of this approach, stating, “This isn’t competition, it’s collaboration.”
Kroll’s perspective highlights a key aspect of the strategy: enabling partners to deliver value-added services powered by CrowdStrike’s technology and expertise. This allows partners to focus on their core competencies while leveraging a robust security platform and a team of world-class experts.
CrowdStrike’s chief global services officer, Tom Etheridge, believes This represents a fundamental shift in how cybersecurity is procured. “When a model works, the market follows. Falcon Flex is the blueprint for how modern organizations procure cybersecurity and how vendors now go to market,” he said. “Flex for Services extends that model to security services, shifting the consumption model from hours to outcomes. It brings Falcon into more environments and opens new opportunities for our service partners. Innovation doesn’t stop at technology.”
To learn more about Flex for Services, organizations can visit CrowdStrike at booth #N-5845 at RSA Conference or explore resources on the CrowdStrike website.
Looking ahead, CrowdStrike will continue to refine and expand its Flex offerings, adapting to the evolving needs of the cybersecurity market. The company’s next earnings call, scheduled for June 2026, is expected to provide further insights into the adoption and impact of Flex for Services.
What are your thoughts on the shift to flexible consumption models in cybersecurity? Share your insights in the comments below.
