CrowdStrike Holdings, Inc. (CrowdStrike) provides cloud-delivered protection of endpoints, cloud workloads, identity, and data via a software as a service (‘SaaS’) subscription-based model that spans multiple large security markets, including corporate endpoint security, security and IT operations, managed security services, next-gen SIEM, cloud security, identity protection, threat intelligence, data protection, exposure management and cybersecurity generative AI. The company conducts its business in the United States, as well as locations internationally, including in Australia, Germany, India, Israel, Japan, Romania, and the United Kingdom.
CrowdStrike reinvented cybersecurity for the cloud and artificial intelligence (‘AI’) era and transformed the way cybersecurity is delivered and experienced by customers. The CrowdStrike Falcon platform is designed to be the definitive platform for cybersecurity consolidation, purpose-built to stop breaches. The platform’s single, lightweight agent collects and integrates data from across the enterprise, including endpoints, cloud workloads, identities, and third-party sources. The company uses this to train its AI to detect and prevent threats and drive workflow automation to give security teams machine speed advantage to stop adversaries.
The company’s approach has defined a new category called the Security Cloud, which has the power to transform the cybersecurity industry the same way the cloud has transformed the customer relationship management, human resources, and service management industries. Using cloud-scale AI, the company’s Security Cloud enriches and correlates trillions of cybersecurity events per week with indicators of attack, threat intelligence, and enterprise data (including data from across endpoints, workloads, identities, DevOps, IT assets, and configurations) to create actionable data, identify shifts in adversary tactics, and automatically prevent threats in real-time across its customer base.
CrowdStrike: The Architectural Purpose Behind the Platform
The company’s Falcon platform was purpose-built in the cloud to harness the power of data and AI to deliver the next generation of automated protection and provide threat hunters with the intelligence required to stop sophisticated attacks, including malware-free and fileless attacks. This approach has made CrowdStrike an industry leader in protection across endpoints, cloud workloads, identity and data (capable of protecting workloads across on-premise, virtualized, and cloud-based environments running on a variety of endpoints, such as desktops, laptops, servers, virtual machines, cloud workloads, cloud containers, mobile, and IoT devices) and enables the company to rapidly scale this best in class protection across new and emerging areas of enterprise risk.
The company offers 29 cloud modules on its Falcon platform via a SaaS subscription-based model that spans multiple large markets, including corporate endpoint and cloud workload security, managed security services, security and vulnerability management, IT operations management, identity protection, next-generation security information and event management (‘SIEM’) and log management, threat intelligence services, data protection, SaaS security posture management, Security Orchestration, Automation and Response (‘SOAR’) and AI powered workflow automation, and securing generative AI workloads.
The company’s Falcon platform is composed of tightly integrated, proprietary technologies that enable it to deliver superior protection and performance, while reducing complexity for the company’s customers. The company’s Falcon platform consists of its easily deployed, intelligent lightweight agent, and the company’s groundbreaking graph technology.
The company’s single, lightweight-agent approach has changed how organizations experience cybersecurity, delivering protection without impacting the user, resources or productivity. With the lightweight agent installed on each endpoint and cloud workload, the company’s Falcon platform automates detection and prevention capabilities in real time across its entire global customer base. This also enables the company’s Falcon platform to intelligently ingest data once and stream high fidelity data back into the Security Cloud to be re-used for multiple use cases, continuously improve its Falcon platform’s AI algorithms and make its real-time decision-making faster and smarter to keep customers ahead of changing adversary tactics.
The company’s graph technology correlates and contextualizes the vast data of its Security Cloud so the company can collect data once and reuse it repeatedly to deliver solutions that solve its customers’ biggest problems. The highly advanced graph technologies underpinning the Falcon platform include:
The company’s Threat Graph, which uses a combination of AI and behavioral pattern-matching techniques to correlate and analyze trillions of cybersecurity events, enriched with threat intelligence, and third-party data to identify and link threat activity together to automatically prevent threats in real time across CrowdStrike’s global customer base. This also provides customers with increased visibility of attacks for proactive threat hunting and timely detection and remediation of novel threats.
The company’s Intel Graph, which analyzes and correlates data and threat intelligence to visualize the connections between adversaries and attacks to help customers prioritize investigations and gain a deep understanding of the threat landscape. The latest intel on adversaries, tactics, techniques, and procedures is delivered seamlessly within the CrowdStrike Falcon platform and is mapped to the MITRE ATT&CK framework.
The company’s Asset Graph, which dynamically monitors and tracks the complex interactions among assets, providing a single holistic view of the risks those assets pose. Asset Graph provides graph visualizations of the relationships among all assets, such as devices, users, accounts, applications, cloud workloads and operations technology (‘OT’), along with the rich context necessary for proper security hygiene and proactive security posture management to reduce risk in their organizations — without impacting IT.
By analyzing and correlating information across the company’s massive, crowdsourced dataset, it is able to deploy the company’s AI algorithms at cloud-scale and build a more intelligent, effective solution to detect threats and stop breaches that on-premises, cloud-hosted and hybrid products cannot match due to the inherent architectural limitations those products have with respect to data storage and analysis. The more data that is fed into the company’s Falcon platform, the more intelligent the Security Cloud becomes, and the more its customers benefit, creating a powerful network effect that increases the overall value the company provides.
The CrowdStrike Falcon Platform: Built to Innovate and Scale
The company’s platform approach allows it to rapidly innovate, build, and deploy highly integrated modules that address critical customer problems and access additional market opportunities. The company’s Falcon platform is composed of two tightly integrated proprietary technologies: its lightweight agent and its Security Cloud. The company’s cloud-delivered modules integrate seamlessly within the Falcon platform to provide customers with a unified set of cloud-delivered technologies across Endpoint Security, Identity Protection, Cloud Security, Next-Gen SIEM and Modern Log Management, Data Protection, Exposure Management, IT Automation, ITSecOps and Risk, Threat Intelligence, and SaaS Security Posture Management.
The company’s expanding set of open APIs and the Foundry app development platform allow customers and partners to build their own capabilities on top of the Falcon platform.
Unifying data from the company’s modules and customers into a single cloud infrastructure gives it significant advantages in developing and delivering innovative AI capabilities to detect and prevent threats, as well as improving user productivity and efficiency through cutting-edge generative AI systems such as the company’s Charlotte AI module.
CrowdStrike Falcon Platform: Unified Security Across Major Categories
The company’s cloud-native Falcon platform integrates seamlessly with its single lightweight agent to deliver robust functionality across key areas of cybersecurity and IT operations. The Falcon platform delivers 29 cloud modules, enabling customers to address their most critical areas of risk with speed, confidence, and visibility through one unified platform. Key areas of focus include:
Endpoint Security: The Falcon platform offers next-generation antivirus, endpoint detection and response (‘EDR’) and extended detection and response (‘XDR’) to defend against malware, fileless attacks, and advanced threats. With cross-domain telemetry and unified incident management, the company enables organizations to detect, investigate, and respond to threats across the security stack efficiently and effectively.
Cloud Security: CrowdStrike provides robust cloud security solutions to protect workloads, containers, and applications in real time. The company’s offerings include runtime protection, cloud security posture management, application security posture management and more to secure multi-cloud environments and enhance the resilience of cloud-native applications. By integrating seamlessly into developer workflows, it empowers teams to shift security left and mitigate vulnerabilities before deployment.
Exposure Management: CrowdStrike’s exposure management solutions unify data from multiple sources, including IT hygiene, vulnerability management, and external attack surface management. These capabilities allow organizations to predict attack paths, prioritize remediation efforts, and proactively reduce their risk exposure. Real-time insights and guided actions empower customers to address vulnerabilities before they can be exploited.
Managed Services Subscription: Falcon Complete Next-Gen Managed Detection and Response (‘MDR’) delivers a comprehensive managed security service subscription that combines 24/7 expert monitoring, investigation, response, and remediation to stop breaches across the entire attack lifecycle. Delivered by CrowdStrike’s team of security experts and powered by the AI-native Falcon platform, it combines industry-leading endpoint protection and extends managed protection across cloud security, identity protection, asset visibility, and Next-Gen SIEM, with 24/7 managed threat hunting from Falcon Adversary OverWatch for a full-stack MDR service. Falcon Complete Next-Gen MDR is also backed by an underwritten limited warranty policy, underscoring the company’s commitment to breach protection and customer confidence.
Counter Adversary Operations: CrowdStrike’s Counter Adversary Operations include proactive threat hunting and intelligence capabilities. These solutions leverage the insights of elite security experts and the power of Threat Graph to identify and mitigate advanced threats, providing customers with actionable intelligence to strengthen their defenses.
Identity Protection: Identity protection solutions from CrowdStrike safeguard against identity-based attacks with real-time detection, behavioral analytics, and policy enforcement. These capabilities provide visibility into anomalies and lateral movement, enabling organizations to defend their most critical assets.
Next-Generation SIEM and Log Management: CrowdStrike’s Next-Gen SIEM and log management solutions deliver AI-driven detection, investigation, and response capabilities, alongside high-performance log management for any data source. This comprehensive approach enhances security operations and enables organizations to respond to threats with speed and precision.
Generative AI: Innovations like Charlotte AI leverage generative AI and natural language processing to automate time-intensive tasks, enabling security analysts to work more efficiently. Charlotte AI transforms hours of routine investigation into minutes, addressing critical skills gaps and enhancing operational efficiency.
IT Automation: Falcon for IT converges security and IT operations, providing visibility into enterprise assets and enabling rapid resolution of issues. With generative AI workflows and automation capabilities, Falcon for IT empowers organizations to streamline IT processes, resolve operational challenges quickly, and maintain a secure and efficient infrastructure.
SaaS Security: Adaptive Shield, a CrowdStrike company, delivers continuous monitoring and proactive risk mitigation for business-critical SaaS applications. With context and visibility, organizations can address risks from users, devices, and non-human identities.
Application Development: The Falcon Foundry no-code application development platform allows customers to quickly create their own apps to solve custom security and IT use-cases with full access to CrowdStrike’s data, threat intelligence, automation, and cloud-scale infrastructure.
Bringing CrowdStrike to the Market
The company primarily sells the Falcon platform through its direct sales team that leverages the company’s network of channel partners to maximize effectiveness and scale. The company has a low friction land-and-expand sales strategy.
Strategy
The elements of the company’s growth strategy include growing its customer base by replacing legacy and other endpoint security products; further penetrating existing customers; leveraging its Falcon platform to enter new markets; broadening its reach into new customer segments; broadening its reach into the U.S. public sector verticals; expanding its international footprint; and extending its Falcon platform and ecosystem.
Technology
The company has designed an innovative architecture from the ground up to overcome the limitations of existing security products and deliver cloud-based solutions. The key design principles of the company’s Falcon platform include:
Cloud Native Architecture: The company built the Falcon platform entirely in and for the cloud, enabling collection and analysis of a massive, crowdsourced dataset from all its customers to stop breaches. The company’s platform is designed to be redundant, resilient, and high performing. Delivering security from the cloud enables agility, ease of use, and protection for workloads on a variety of endpoints wherever they are located. As customer adoption grows, the network effect of each additional endpoint added to the Falcon platform will amplify the breadth and depth of the company’s dataset and intelligence.
Falcon Agent: The company designed an intelligent lightweight agent that is installed on each endpoint or cloud workload. This agent incorporates identification and prevention of known and unknown malware and fileless attacks using machine learning, AI, exploit blocking, and advanced behavioral techniques, to protect workloads across all endpoints while capturing and recording high fidelity endpoint data. The company’s agent is capable of acting autonomously and continues to collect data and protect workloads running on endpoints even when offline. The agent recommences transmitting data to its Falcon platform when the connection to the cloud has been re-established.
The company’s lightweight agent is built to support Windows, Mac, and Linux operating systems. The agent is hardened against attacks and uses a combination of kernel and user-mode modules to collect and transmit high fidelity endpoint events as they take place on a system. It correlates these events using a local situational model on the endpoint, analyzes via agent-based AI models and is capable of taking a variety of preventative and responsive actions on the endpoint, either automatically or via human control. Events are streamed by the agent to the cloud in real time to be further analyzed in the Threat Graph, where additional correlation and AI algorithms can be applied. The agent is also capable of being remotely reconfigured in real time based on analytics in the company’s cloud platform to collect and analyze different events or take other actions as risk and threat postures change.
Threat Graph: Threat Graph is the company’s proprietary, powerful, scalable, and dynamic graph database. Threat Graph continually looks for malicious activity by combining AI with behavioral pattern-matching techniques to look beyond file features and track the behaviors of every OS process and software program executed on an endpoint in a customer’s network environment. By applying powerful graph analytics and AI algorithms to cybersecurity, the company enriches the data collected with its proprietary and third-party threat intelligence, such as adversary capabilities, motivations, attributions, and threat indicators. The graph data model allows the company’s AI algorithms to identify relationships between events that are not directly related but which could indicate an attack that would otherwise remain undetected. The company’s AI algorithms are advantaged by the rich proprietary dataset that it used to train them. Threat Graph provides customers with complete real time and historical visibility and insight into events occurring on their endpoints for hunting and searching, even if the endpoint is unreachable or no longer exists.
Intel Graph: Intel Graph analyzes and correlates massive amounts of data on adversaries, their victims and their tools, providing extraordinary insights into shifting adversary tactics and techniques, powering the company’s adversary-focused approach with world-class threat intelligence.
Asset Graph: Asset Graph dynamically monitors and tracks the complex interactions among enterprise entities, providing a single holistic view of the risks those assets pose. Asset Graph provides graph visualizations of the relationships among entities and assets, such as devices, users, accounts, cloud workloads, along with the rich context necessary for proper security hygiene and proactive security posture management to reduce risk in their organizations.
High Fidelity Data and Smart Filtering: The presence of a local graph model in the company’s agent enables it to track the state of the machine in real time, perform rapid machine learning and behavioral analysis, and provide efficient event streaming to the cloud. The company calls this ‘smart filtering.’ This allows the company to keep performance overhead on the endpoint to a minimum, dramatically reduce the bandwidth required for agent-cloud communication, efficiently process large volumes of data, and separate signals from noise. The Falcon agent collects and analyzes unfiltered data with local machine learning and behavioral algorithms on the endpoint but streams only high fidelity endpoint events to the cloud, sending just what is necessary for detection, prevention and investigation of attacks. This smart filtering architecture allows the company to reduce network load for its customers. The Falcon platform collects an array of high-fidelity endpoint events, such as code execution, network, file system and user activity. This information can be used for a variety of use cases beyond security, such as IT operations and vulnerability management.
Management Interface: The Falcon platform management interface gives customers an intuitive and informative view of their complete environment, with timely alerts and detailed search capabilities. The company provides real-time endpoint and cloud workload visibility to allow customers to review details and respond to threats instantly and effectively, from anywhere, and maintain an index of these events for future use.
APIs and Integrations: The company’s Falcon platform and architecture is built around a rich set of APIs that efficiently and effectively complement and expand a customer’s existing security infrastructure, such as security information event management, or SIEMs, intrusion prevention systems and intrusion detection systems. The platform includes streaming, query and batch APIs allowing customers and partners to integrate a variety of solutions seamlessly. It also includes rich management and control APIs. The platform allows third parties to develop additional cloud modules and features, furthering the power of the Falcon platform. By connecting existing security systems to the Falcon platform, it allows the company’s customers to further leverage their security investments.
Data Center Operations
The company has data center co-location facilities throughout the United States and in Europe, and it also utilizes third-party data centers located in the United States and Europe. The company’s technology infrastructure, combined with select use of third-party resources, provides it with a distributed, resilient and scalable architecture on a global scale.
Professional Services
In addition to the company’s Falcon platform and cloud modules, it offers incident response, forensic investigatory, and breach recovery services; technical assessment and strategic advisory services; Next-Gen SIEM consulting; platform deployment and operational services; as well as training and certifications to assist organizations that have experienced a breach or who are assessing their security posture and ability to respond to breaches.
Incident Response, Forensics, and Recovery Services: The company’s incident response services typically begin by deploying its lightweight agent to a customer’s endpoints or cloud workloads to provide visibility to determine if an attacker is in the environment, what assets have been compromised, and how much damage has been done. The company also provides customized surgical recovery services by providing the tools and staffing to eject attackers out of the network, lock down credentials from further use, remediate impacted systems and ensure adversaries stay out. In addition to providing valuable breach remediation to the company’s customers, its incident response services also act as a strong lead generation engine for the company’s Falcon platform and cloud modules. After experiencing the benefits of its platform firsthand, many of the company’s incident response customers become subscription customers.
Technical Assessment and Strategic Advisory Services: The company’s proactive security services include technical assessment services designed to help organizations understand their cyber maturity levels. These services include both endpoint and cloud workload compromise assessments, cybersecurity maturity assessments, security program in-depth assessments, service organization control assessments, IT hygiene assessments, and active directory security assessments. The company also advises customers on readiness and preparation through the execution of table-top exercises, live fire exercises, red team/blue team assessments, and advanced adversary emulation exercises. All these services are designed to evaluate the company’s customers’ security profile so they can identify areas of vulnerability, secure their network, and improve their response if their defenses are breached. The company’s services also align to executive and board level cybersecurity training and awareness, including by helping public companies more confidently comply with public disclosure requirements relating to assessing, identifying and managing material cybersecurity risks, and reporting material cyber incidents. The company’s programs are designed to help organizations effectively achieve cybersecurity risk reduction objectives and to maximize investments.
NextGen SIEM Professional Services: The company’s NG-SIEM professional services offer a comprehensive suite of deployment packages and ongoing support options designed to help organizations seamlessly implement and optimize the Falcon NG-SIEM platform. The company’s Essentials, Advanced, and Premium Deployment Packages provide standardized implementations that prioritize data ingestion aligned with critical use cases from the MITRE ATT&CK framework, ensuring maximum impact in detecting and responding to threats. For customers requiring deeper, hands-on expertise, the company offers Resident Engineer Services in flexible durations of 3, 6, or 12 months supporting both NG-SIEM as well as LogScale. These experts embed directly with customer teams to provide tailored guidance, ongoing optimization, and support for evolving security needs. The company’s services are designed to accelerate time-to-value, enhance security posture, and ensure the long-term success of SIEM deployments within any organization.
Platform Deployment and Operational Services: The company’s deployment and operational services are designed to help customers maximize the value of their investment in the CrowdStrike Falcon platform. These services provide seamless deployment of Falcon modules across endpoint, cloud, identity, Next-Gen SIEM and many other modules ensuring rapid time-to-value and alignment to CrowdStrike’s recommended security configurations to prevent breaches. The company’s integration services focus on enabling customers to align Falcon modules with their existing security ecosystems, leveraging its APIs and Falcon Fusion SOAR automation for improved operational efficiency. Additionally, the company’s operational services provide tailored guidance and best practices to optimize platform performance, streamline workflows, and address specific cybersecurity challenges.
CrowdStrike University Training and Certification: The company offers training and certification services to customers and partners on CrowdStrike technologies and cybersecurity topics to facilitate the adoption of CrowdStrike and to broaden and deepen their skills. CrowdStrike University is an online learning management system that organizes all CrowdStrike e-learning, instructor-led training and certification preparation courses in one place, providing a personalized learning experience for individuals who have an active training subscription. CrowdStrike offers proctored exam certifications through industry leading training partner Pearson Vue for its CrowdStrike Certified Falcon Administrator, CrowdStrike Certified Falcon Responder, CrowdStrike Certified Falcon Hunter, CrowdStrike Certified Cloud Specialist, and CrowdStrike Certified Identity Specialist programs. The company provides comprehensive training and certification programs to empower customers and partners with the knowledge and skills needed to maximize the value of CrowdStrike technologies and strengthen their cybersecurity expertise.
CrowdStrike University provides a centralized, online platform for accessing a wide range of training options including on-demand e-learning, instructor-led training, and certification preparation. The company’s offerings are designed to accommodate varying levels of proficiency from foundational concepts to advanced skills in threat detection, incident response, cloud security, intelligence and other proactive security operations aligned to the Falcon platform. The company’s CrowdStrike Certified Falcon Administrator, Responder, Hunter, Cloud Specialist, and Identity Specialist certifications validate the skillsets of its customers and partners to ensure they are properly equipped to operate the Falcon platform. The company’s training offerings provide a structured learning path to accelerate CrowdStrike adoption, drive operational success, and equip professionals with validated expertise in modern cybersecurity practices.
Customers
As of January 31, 2025, the company is trusted by more than 74,000 organizations, including its end customers and those of the company’s Managed Security Service Providers (‘MSSP’), worldwide.
Sales and Marketing
The company’s sales and marketing organizations work together closely to drive market awareness, build a strong sales pipeline and cultivate customer relationships to drive revenue growth.
Sales
The company primarily sells subscriptions to its Falcon platform and cloud modules through the company’s world-class, global sales team, which consists of field sales and inside sales professionals who are segmented by a customer’s organizational size. The company’s sales team also leverages a powerful go-to-market sales motion with its vast ecosystem of channel and alliances partners.
Marketing
The company’s marketing organization is focused on building its brand reputation, increasing the awareness and reputation of the company’s platform, and driving customer demand. As part of these efforts, the company delivers targeted content to demonstrate thought leadership in the security industry, including speaking engagements with the security industry’s foremost organizations to provide expert advice, issuing regular reports on the state of the industry, educating the public about cybersecurity threats, and identifying and naming adversary groups. The company also engages in paid media, web marketing, industry and trade conferences (including its annual Fal.Con conference), analyst engagements, whitepaper development, demand generation via digital and web, and targeted displacement campaigns. The company employs a wide range of digital programs, including search engine marketing, online and social media initiatives, and content syndication to increase traffic to its website and encourage prospective customers to sign up for a free trial of the Falcon platform. Additionally, the company engages in joint marketing activities with its channel and technology alliance partners.
Partnership Ecosystem
The company operates a partner-first go-to-market strategy to land new logos and expand in existing accounts. The company partners with a diverse set of partners. The company works with a wide array of go-to-market partners in its technology alliance partners to design go-to-market strategies that combine the company’s platform with products or services provided by its technology alliance partners. These partner integrations deliver more secure solutions and an improved end user experience to their customers. The company’s technology alliance partnerships focus on security analytics, network and infrastructure security, threat platforms and orchestration, and automation. The company launched the CrowdStrike Store, the first open cloud-based application PaaS for cybersecurity and the industry’s first unified security cloud ecosystem of trusted third-party applications. In addition, Falcon for AWS, available in the AWS Marketplace, allows customers to easily purchase and take advantage of the metered billing (pay-as-you-go) pricing option to scale their consumption as their business needs change.
Seasonality
Given the annual budget approval process of many of its customers, the company sees seasonal patterns in its business. Net new Annual Recurring Revenue (ARR) generation is typically greater in the second half of the year, particularly in the fourth quarter, as compared to the first half of the year. In addition, the company experiences seasonality in its operating margin, typically with a lower margin in the first half of the company’s fiscal year due to a step up in costs for payroll taxes and annual sales and marketing events (for the year ended January 2025).
History
CrowdStrike Holdings, Inc. was founded in 2011. The company was incorporated in 2011.