With security revenue surging, CrowdStrike wants to be a broader enterprise IT player
by Kyle Alspach, Protocol
CrowdStrike is finding massive traction in areas outside its core endpoint security products, setting up the company to become a major player in other key security segments such as identity protection as well as in IT categories beyond cybersecurity.
Already one of the biggest names in cybersecurity for the past decade, CrowdStrike now aspires to become a more important player in areas within the wider IT landscape such as data observability and IT operations, CrowdStrike co-founder and CEO George Kurtz told Protocol in a recent interview.
"I would say down the road, we will be known for more than just security. And we're starting to see that today," Kurtz said.
CrowdStrike brings plenty of credibility from its work in cybersecurity to its effort to penetrate the broader IT space, according to equity research analysts who spoke with Protocol. The company recently disclosed surpassing $2 billion in annual recurring revenue, just 18 months after reaching $1 billion. And even with CrowdStrike's scale, it's continued to generate revenue growth in the vicinity of 60% year-over-year in recent quarters.
In a highly fragmented market like cybersecurity, this type of traction for a vendor is unique, said Joshua Tilton, senior vice president for equity research at Wolfe Research. "They're sustaining [rapid] growth and profitability, which is very rare in this space."
At the root of CrowdStrike's surge in adoption is its cloud-native software platform, which allows security teams to easily introduce new capabilities without needing to install another piece of software on user devices or operate an additional product with a separate interface. Instead, CrowdStrike provides a single interface for all of its services and requires just one software agent to be installed on end-user devices.
As a result, CrowdStrike can tell existing customers who are considering a new capability, "'You already have our agent — turn it on, try it out,'" Kurtz said. "'And if you like it, keep it on.' It's that easy."
For years, Kurtz has touted the potential for CrowdStrike to serve as the "Salesforce of security" thanks to this cloud-based platform strategy. But at a time when cybersecurity teams are looking to consolidate on fewer vendors and are short on the staff needed to operate tools, CrowdStrike's approach is increasingly resonating with customers, analysts told Protocol.
… … …
The company recently worked with one of the largest U.S. banks to select a new endpoint security product, and the choice came down to CrowdStrike or Microsoft Defender, he said. While the bank was initially tempted to utilize its E5 licensing and go with Defender, Aplin said, extensive testing revealed Falcon's comparatively lighter-weight impact on devices, prompting the customer to pick CrowdStrike.
Performance impact is not a trivial thing when customers are often running 40 to 70 different security tools, he said. So while being able to provide reliable security is obviously important, the "operational effectiveness" in areas such as performance impact on devices is "where CrowdStrike always wins," he said.
The reputation for trustworthy security that CrowdStrike has built since its founding in 2011 shouldn't be minimized as a factor either, according to Wolfe Research's Tilton.