With security revenue surging, CrowdStrike wants to be a broader enterprise IT player

The company, which grew from $1 billion in annual recurring revenue to $2 billion in just 18 months, is expanding deeper within the cybersecurity market and into the wider IT space as well.

CrowdStrike logo

CrowdStrike is well positioned at a time when CISOs are fed up with going to dozens of different vendors to meet their security needs.

Image: Protocol

CrowdStrike is finding massive traction in areas outside its core endpoint security products, setting up the company to become a major player in other key security segments such as identity protection as well as in IT categories beyond cybersecurity.

Already one of the biggest names in cybersecurity for the past decade, CrowdStrike now aspires to become a more important player in areas within the wider IT landscape such as data observability and IT operations, CrowdStrike co-founder and CEO George Kurtz told Protocol in a recent interview.

"I would say down the road, we will be known for more than just security. And we're starting to see that today," Kurtz said.

CrowdStrike brings plenty of credibility from its work in cybersecurity to its effort to penetrate the broader IT space, according to equity research analysts who spoke with Protocol. The company recently disclosed surpassing $2 billion in annual recurring revenue, just 18 months after reaching $1 billion. And even with CrowdStrike’s scale, it's continued to generate revenue growth in the vicinity of 60% year-over-year in recent quarters.

In a highly fragmented market like cybersecurity, this type of traction for a vendor is unique, said Joshua Tilton, senior vice president for equity research at Wolfe Research. "They're sustaining [rapid] growth and profitability, which is very rare in this space."

At the root of CrowdStrike's surge in adoption is its cloud-native software platform, which allows security teams to easily introduce new capabilities without needing to install another piece of software on user devices or operate an additional product with a separate interface. Instead, CrowdStrike provides a single interface for all of its services and requires just one software agent to be installed on end-user devices.

As a result, CrowdStrike can tell existing customers who are considering a new capability, “‘You already have our agent — turn it on, try it out,’” Kurtz said. “‘And if you like it, keep it on.’ It's that easy.”

For years, Kurtz has touted the potential for CrowdStrike to serve as the "Salesforce of security" thanks to this cloud-based platform strategy. But at a time when cybersecurity teams are looking to consolidate on fewer vendors and are short on the staff needed to operate tools, CrowdStrike's approach is increasingly resonating with customers, analysts told Protocol.

The company has now expanded well beyond endpoint detection and response, a category it pioneered to improve detection of malicious activity and attacks (such as ransomware and other malware) on devices such as PCs. Along with endpoint protection, CrowdStrike now offers security across cloud workloads, identity credentials, and security and IT operations.

The cloud-native platform concept is still early on for cybersecurity, but if CrowdStrike's momentum continues, it's poised to potentially become the first "fully integrated, software-based platform" in the security industry, Tilton said. That's in contrast to other platform security vendors that are hampered by architectures that predated the cloud, or that rely on hardware for some of their functionality.

"CrowdStrike's DNA is that they've come as a cloud-native company with a focus on security from day one," said Shaul Eyal, managing director at Cowen. "It does provide them with an edge."

Endpoint challenge

Even with CrowdStrike’s advantages, there are no guarantees it will maintain a leading position in a market as large and competitive as endpoint security. There, the company faces a fierce challenge from Microsoft and its Defender product. It’s a topic that Kurtz is outspoken as ever about.

In regards to Microsoft, "if you are coming out with zero-day vulnerabilities on a weekly basis, which are being exploited, that doesn't build trust with customers," Kurtz said.

"I'm not saying they're not going to win deals. Because they're Microsoft, sure, they're going to win some deals," he said. "But we do see deals boomerang back our way when someone has an issue. Many of the breaches that we actually respond to [are for customers with] Microsoft endpoint technologies in use."

Even so, Microsoft brings plenty of advantages of its own in terms of its security approach, analysts told Protocol. Much of the business world counts itself as part of the Microsoft customer base already, and the company has seen major success in bundling its Defender security product into its higher-tier Office 365 productivity suite, known as E5. As of Microsoft's quarter that ended June 30, seats in Office 365 E5 climbed 60% year-over-year, the company reported.

And for every CISO who thinks it doesn't make sense to trust Microsoft on security due to vulnerabilities in its software products, there is another CISO who thinks Microsoft's ubiquity in IT is exactly why the tech giant is worth leveraging for security, Tilton said.

Beyond the successful bundling strategy, Microsoft has overall done "an exceptional job of elevating security within their product portfolio," said Gregg Moskowitz, managing director and senior enterprise software analyst at Mizuho Securities USA.

Still, "we do typically hear that Microsoft has limitations when it comes to what an enterprise's requirements are across some of these cybersecurity areas," including on endpoint, Moskowitz said. At the same time, "we do believe Microsoft's going to get a lot stronger over time," he said.

IDC figures have shown CrowdStrike in the lead on endpoint security market share, with 12.6% of the market in 2021, compared to 11.2% for Microsoft. CrowdStrike's growth of 68% in the market last year, however, was surpassed by Microsoft's growth of nearly 82%, according to the IDC figures.

Still, Kurtz argued that CrowdStrike has the leg up in endpoint for plenty of other reasons beyond the lack of the same security baggage via vulnerability issues at Microsoft.

The chief advantage goes back to CrowdStrike's single-agent architecture, which he said requires fewer staff to operate and has a lower impact on user devices. That translates to better performance and less use of memory because the product does not rely on analyzing digital patterns, known as signatures, for signs of an attack.

I would say down the road, we will be known for more than just security. And we're starting to see that today.

All of these factors need to be considered when doing the math around how much it will cost to implement an endpoint security product into an operation, Kurtz said. Based on that math, "we are significantly cheaper to operationalize than Microsoft," he said.

CrowdStrike has particularly stood out with customers when it comes to the lower performance impact from its Falcon product line, said John Aplin, an executive security adviser at IT services provider World Wide Technology.

The company recently worked with one of the largest U.S. banks to select a new endpoint security product, and the choice came down to CrowdStrike or Microsoft Defender, he said. While the bank was initially tempted to utilize its E5 licensing and go with Defender, Aplin said, extensive testing revealed Falcon's comparatively lighter-weight impact on devices, prompting the customer to pick CrowdStrike.

Performance impact is not a trivial thing when customers are often running 40 to 70 different security tools, he said. So while being able to provide reliable security is obviously important, the "operational effectiveness" in areas such as performance impact on devices is "where CrowdStrike always wins," he said.

The reputation for trustworthy security that CrowdStrike has built since its founding in 2011 shouldn't be minimized as a factor either, according to Wolfe Research's Tilton.

By and large, CISOs make purchasing decisions "based on the amount of minutes of sleep at night" they expect to get from a product, he said. CrowdStrike's "first-mover" advantage in endpoint detection and response is a huge one, and its brand awareness is virtually unmatched in security, probably on par only with that of Palo Alto Networks, Tilton said.

While some smaller challengers, chiefly SentinelOne, have made headway in the endpoint security space, they have an uphill battle, he said. In endpoint security, "the CISO has to have a good reason to not buy CrowdStrike."

Beyond the endpoint

In categories outside of endpoint security, CrowdStrike doesn't yet enjoy the same stature. But in some areas, such as identity security, it's on track to get there quickly.

Misuse of credentials has emerged as the biggest source of breaches by far as workers have moved outside of the protections of the office firewall, according to Verizon. While CrowdStrike isn't trying to compete with identity management vendors such as Okta or Ping Identity, the company does believe it's found a sweet spot in helping customers to counter identity-based threats, Kurtz said.

Following its fall 2020 acquisition of identity security vendor Preempt Security, CrowdStrike has added identity protection and detection capabilities to its platform, and customer adoption has been "like a rocket ship," Kurtz said. During CrowdStrike’s fiscal second quarter, ended July 31, customer subscriptions to the company's identity protection module doubled from the previous quarter.

That's a "stunning level of adoption from customers," Mizuho's Moskowitz said. Given that CrowdStrike paid $96 million for Preempt, "that's clearly one of the best small to midsize acquisitions that we’ve seen in software in recent years," he said.

CrowdStrike refers to its various add-on security capabilities as modules, and currently has 22 in total, up from 11 in late 2019. A forthcoming module based on the company’s planned acquisition of startup Reposify will be aimed at spotting exposed internet assets for customers, bringing CrowdStrike into the very buzzy market for “external attack surface management.”

Besides identity protection, the company’s other fastest-growing module at the moment is data observability, based on its early 2021 acquisition of Humio, which was recently rebranded to Falcon LogScale. And while highly applicable to security, observability focuses on tracking and assessing many types of IT data. Observability enables customers to "do things that are not just security-related," Kurtz said, such as deploying software patches and taking other actions to improve IT hygiene.

George Kurtz, chief executive officer of Crowdstrike Inc., stands for a photograph following a Bloomberg Technology television interview in San Francisco, California, U.S., on Wednesday, Sept. 25, 2019. Kurtz reacted to President Donald Trump's cryptic remark about the company in a call to Ukraine's president. Photographer: Michael Short/Bloomberg via Getty ImagesGeorge Kurtz, CEO of CrowdStrike. Photo: Michael Short/Bloomberg via Getty Images

In total, CrowdStrike reported that it was generating $2.14 billion in annual recurring revenue as of its latest quarter, with its "emerging products" category contributing $219 million. ARR for those emerging products — which include identity protection and observability, but not more-established areas for CrowdStrike, such as workload protection — surged 129% from the same period a year before.

Looking ahead, "we'll continue to solve problems that are outside of core endpoint protection and workload protection, but are related, in the IT world," Kurtz said.

Security expansion

Even within cybersecurity itself, CrowdStrike's emphasis on observability "shows that the industry is starting to recognize that cybersecurity is a data problem," said Deepak Jeevankumar, a managing director at Dell Technologies Capital, who had led an investment by the firm into Humio.

CrowdStrike has no ambitions to get into areas such as network or email security, Kurtz noted. But if a certain business challenge involves collecting and evaluating data from endpoints or workloads, whether that's IT or security data, "we can do that," he said.

Application security is another future area of interest, Kurtz said. Given the criticality of many business applications, "understanding their security, who's using them, how they're being used — that's important for organizations of many sizes to have that level of visibility and protection."

Within security, CrowdStrike is also notably embracing an approach that's come to be known as extended detection and response, or XDR, for correlating data feeds from a variety of different security tools. CrowdStrike's XDR approach taps into data both from its own products and from third-party tools, including vendors in its CrowdXDR Alliance that have technical integrations with CrowdStrike.

While XDR is no doubt an industry buzzword, it's the most effective way yet to put the pieces together and understand how a cyberattack occurred, Kurtz said. "Before XDR, we were sort of blind to how [an attacker] got to the endpoint," he said. "Now we’re able to tell the whole story."

CrowdStrike offers a number of managed security services as well, which the vendor was quick to recognize as an important option amid the cybersecurity talent shortage, according to Peter Firstbrook, vice president and analyst at Gartner.

“CrowdStrike actually perfected this,” Firstbrook said. “They ran into this roadblock early. Customers said, ‘Look, this [technology] is really cool. But we don't have anybody that can manage it.’”

Ultimately, CrowdStrike is well positioned at a time when CISOs are fed up with going to dozens of different vendors to meet their security needs, Cowen's Eyal said. The current refrain from CISOs is, "'We want to deal with the Costco or the Walmart, the big supermarket, for all of our security needs,'" he said. In that respect, "the platform approach is absolutely going to be benefiting [vendors] like CrowdStrike."

Over the years, Kurtz said he hasn't backed away from comparing CrowdStrike with Salesforce for a good reason: It's a meaningful comparison, which has only gotten more so as time has gone on.

"I've said this since I started the company, that we wanted to be that 'Salesforce of security' — to have a true cloud platform that would allow customers to do more things with a single-agent architecture," he said. "We haven't really deviated from that."


Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep ReadingShow less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep ReadingShow less
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep ReadingShow less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep ReadingShow less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.


Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep ReadingShow less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of RedTailMedia.org and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories