CrowdStrike

CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services.

The company has been involved in investigations of several high-profile cyberattacks, including the 2014 Sony Pictures hack, the 2015–16 cyberattacks on the Democratic National Committee (DNC), and the 2016 email leak involving the DNC. On July 19, 2024, it issued a faulty update to its security software that caused global computer outages that disrupted air travel, banking, broadcasting, and other services.

History

CrowdStrike was co-founded in 2011 by George Kurtz (CEO), Dmitri Alperovitch (former CTO), and Gregg Marston (CFO, retired). The following year, they hired Shawn Henry, a former Federal Bureau of Investigation (FBI) official, to lead the subsidiary CrowdStrike Services, Inc., which offered security and response services. The company launched CrowdStrike Falcon, an antivirus package, as its first product in June 2013.

In May 2014, CrowdStrike's reports helped the United States Department of Justice to charge five Chinese military hackers with economic cyber espionage against U.S. corporations. CrowdStrike also uncovered the activities of Energetic Bear, a group connected to Russia's Federal Security Service that conducted intelligence operations against global targets, primarily in the energy sector.

After the Sony Pictures hack, CrowdStrike uncovered evidence implicating the government of North Korea and demonstrated how the attack was carried out. In 2014, CrowdStrike helped identify members of Putter Panda, the state-sponsored Chinese group of hackers also known as PLA Unit 61486.

In May 2015, the company released information about VENOM, a critical flaw in an open-source hypervisor called Quick Emulator (QEMU) that allowed attackers to access sensitive personal information. In October 2015, CrowdStrike announced that it had identified Chinese hackers attacking technology and pharmaceutical companies around the time that U.S. President Barack Obama and China's leader Xi Jinping publicly agreed not to conduct economic espionage against each other. The alleged hacking would have been in violation of that agreement.

In July 2015, Google invested in the company's Series C funding round, which was followed by Series D and Series E, raising a total of $480 million as of May 2019.

In 2017, the company reached a valuation of more than $1 billion with an estimated annual revenue of $100 million. In June 2018, the company said it was valued at more than $3 billion. Investors include Telstra, March Capital Partners, Rackspace, Accel Partners and Warburg Pincus.

In June 2019, the company made an initial public offering on the Nasdaq.

CrowdStrike expanded its identity security offerings with Falcon Identity Threat Protection, initially available in 2020, which later evolved into a managed service integrating with Falcon Complete in 2022, and a Cloud Threat Hunting Service in July 2022."CrowdStrike launches Falcon Identity Threat Protection Complete,"
''Techzine'', March 2, 2022, retrieved March 3, 2025."CrowdStrike introduces a new cloud threat hunting service,"
''VentureBeat'', July 26, 2022, retrieved March 3, 2025.

In December 2021, the company moved its headquarters location from Sunnyvale, California, to Austin, Texas.

In 2023, CrowdStrike introduced CrowdStream service in collaboration with Cribl.io. Charlotte AI, CrowdStrike's generative AI security analyst, was launched in May 2023 as part of Falcon's AI-driven security updates, enhancing automated threat triaging and response."CrowdStrike adds generative AI assistant to security tools,"
''Axios'', May 30, 2023, retrieved March 6, 2025.

In September 2023, CrowdStrike launched Falcon Foundry, a no-code application development platform directed at a wider audience,
''CSO'', September 19, 2023, retrieved March 3, 2025. and in September 2024, the company launched CrowdStrike Financial Services, which offers payment solutions and financing to improve access to the Falcon platform."CrowdStrike Unveils Financial Services, AI Tools at Fal.Con 2024,"
''Channel Insider'', September 23, 2024, retrieved March 6, 2025.

CrowdStrike joined the S&P 500 index in June 2024.

As of 2024, CrowdStrike spent more than $360,000 on federal lobbying in the first half of 2024, according to OpenSecrets, and $620,000 during 2023. The company has also focused on working with the U.S. government and selling its services to government agencies.

Acquisitions

In November 2017, CrowdStrike acquired Payload Security, a firm that developed automated malware analysis sandbox technology. In September 2020, the company acquired zero trust and conditional access technology provider Preempt Security for $96 million. In February 2021, CrowdStrike acquired Danish log management platform Humio for $400 million with plans to integrate Humio's log aggregation into CrowdStrike's XDR offering. Later that November, CrowdStrike acquired SecureCircle, a SaaS-based cybersecurity service that extends zero trust endpoint security to include data. In October 2022, CrowdStrike acquired Reposify, an external attack surface management vendor for risk management. In 2023, CrowdStrike acquired Israeli cybersecurity startup Bionic.ai. In 2024, CrowdStrike acquired Israeli cloud security startups Flow Security for $200 million and Adaptive Shield for $300 million.

Earnings

In 2024, total revenue was $3.06 billion, a 36% increase.

Russian hacking investigations

CrowdStrike helped investigate the Democratic National Committee cyberattacks and a connection to Russian intelligence services. On 20 March 2017, James Comey testified before congress stating:

CrowdStrike, Mandiant, and ThreatConnect review dthe evidence of the hack and conclude with high certainty that it was the work of APT 28 and APT 29 who are known to be Russian intelligence services.

Comey previously testified in January 2017 that a request for FBI forensics investigators to access the DNC servers was denied, saying "Ultimately what was agreed to is the private company rowdStrikewould share with us what they saw."

In December 2016, CrowdStrike released a report stating that Russian government-affiliated group Fancy Bear had hacked a Ukrainian artillery app. They concluded that Russia had used the hack to cause large losses to Ukrainian artillery units. The app (called ArtOS) is installed on tablet PCs and used for fire-control. CrowdStrike also found a hacked variation of POPR-D30 being distributed on Ukrainian military forums that utilized an X-Agent implant.

The International Institute for Strategic Studies rejected CrowdStrike's assessment that claimed hacking caused losses to Ukrainian artillery units, saying that their data on Ukrainian D30 howitzer losses was misused in CrowdStrike's report. The Ukrainian Ministry of Defense also rejected the CrowdStrike report, stating that actual artillery losses were much smaller than what was reported by CrowdStrike and were not associated with Russian hacking. Prior to this, CrowdStrike had published a report claiming that malware used in Ukraine and against the Democratic National Committee (DNC) appeared to be unique and identical, further evidence for a Russian origin of the DNC attack.

Cybersecurity firm SecureWorks discovered a list of email addresses targeted by Fancy Bear in phishing attacks. The list included the email address of Yaroslav Sherstyuk, the developer of ArtOS. Additional Associated Press research supports CrowdStrike's conclusions about Fancy Bear. Radio Free Europe notes that the AP report "lends some credence to the original CrowdStrike report, showing that the app had, in fact, been targeted."

In the Trump–Ukraine scandal, Donald Trump, then the president of the United States, held a phone call with Volodymyr Zelensky, the president of Ukraine, on 25 July 2019, in which Trump asked Zelensky to look into a conspiracy theory that was being promoted on far-right websites such as ''Breitbart News'' and Russian state media outlets such as Russia Today and Sputnik. The theory held that namely, that the Ukrainian government used CrowdStrike to hack into the Democratic National Committee's servers in 2016 and frame Russia for the crime to undermine Trump in the 2016 presidential election. The conspiracy theory has been repeatedly debunked.

2024 incident

On 19 July 2024, CrowdStrike released a software configuration file update to the Falcon endpoint detection and response agent. Flaws in the update caused blue screens of death on Microsoft Windows machines, disrupting millions of Windows computers worldwide. Affected machines were forced into a bootloop, making them unusable. This was caused by an update to a configuration file, Channel File 291, which CrowdStrike says triggered a logic error and caused the operating system to crash. The downtime caused a widespread global impact, grounding commercial airline flights, temporarily taking Sky News and other broadcasters offline, and disrupting banking and healthcare services as well as 911 emergency call centers.

By the end of the day, CrowdStrike shares closed trading at a price of $304.96, down $38.09 or 11.10%.

Although CrowdStrike issued a patch to fix the error, computers stuck in a bootloop were unable to connect to the Internet to download the patch before Falcon would be loaded and crash the device again. The recommended solution from CrowdStrike was to boot into safe mode or Windows Recovery Mode and manually delete Channel File 291. This requires local administrator access and if the device was encrypted by BitLocker, also required a recovery key. Microsoft reported that some customers were able to remediate the issue solely by rebooting impacted devices up to 15 times. On 22 July 2024, CrowdStrike shares closed the trading day at a price of $263.91, with a loss of $41.05 or 13.46%. On 24 July 2024, five days after the incident, CrowdStrike published a Post-Incident Review. That same day, CrowdStrike reportedly contacted affected channel partners with apology emails containing Uber Eats gift cards worth $10. On 6 August 2024, Crowdstrike published a Root Cause Analysis to explain the causes of the Channel File 291 Incident, and the mitigation steps the company took to eliminate future incidents. CrowdStrike made several process improvements in response to the 19 July incident. These include: adding new content configuration test procedures; implementing additional deployment layers and acceptance checks for its content configuration system; engaging two third-party vendors to review Falcon sensor code, and the company's quality control and release processes; and staggering update rollout in which users can select their preferred timing for updates. The CrowdStrike incident cost Fortune 500 companies $5.4 billion.

See also

* Operating systems
* Chinese intelligence activity abroad
* Chinese espionage in the United States
* Timeline of Russian interference in the 2016 United States elections
* Timeline of investigations into Donald Trump and Russia (January–June 2017)

References

External links

*
*

{{NASDAQ-100

2011 establishments in California
2019 initial public offerings
2019 Trump–Ukraine scandal
American companies established in 2011
Business services companies established in 2011
Business services companies of the United States
Companies based in Austin, Texas
Companies based in Sunnyvale, California
Companies listed on the Nasdaq
Computer companies established in 2011
Computer companies of the United States
Computer security companies
Internet technology companies of the United States
Organizations associated with Russian interference in the 2016 United States elections
Science and technology in Texas
Security companies of the United States
Technology companies based in the San Francisco Bay Area
Warburg Pincus companies