CrowdStrike Holdings, Inc.
Key Metrics
Market Snapshot
About
CrowdStrike Holdings, Inc. is an American cybersecurity company and one of the leading providers of cloud-delivered endpoint protection in the world, trading on the Nasdaq under the ticker CRWD. Headquartered in Austin, Texas, the company built its business around a single product idea that reshaped a large part of the security industry, the delivery of threat protection as a cloud service through one lightweight software agent installed on each device rather than through heavy on-premise appliances and locally managed software. That product, the Falcon platform, started as endpoint detection and response and has since grown into a broad suite of security modules that share the same agent and the same data. CrowdStrike is best known for that single-agent architecture, for the breach investigation and threat intelligence work that gave it early visibility into nation-state hacking, and, since the summer of 2024, for a faulty update that triggered one of the largest information technology outages on record and tested whether its customers would stay loyal through a self-inflicted crisis. The company is among the larger names in cybersecurity by recurring revenue and joined the S&P 500 in 2024.
The company was founded in 2011 by George Kurtz, Dmitri Alperovitch, and Gregg Marston, and began operating with backing from Warburg Pincus. Kurtz had been chief technology officer at the antivirus maker McAfee and had grown frustrated with signature-based protection, the older model that matched files against a list of known bad software and was always a step behind new attacks. The founding premise was that the security problem had moved beyond malware files to the behavior of attackers inside a network, and that the right place to collect and analyze that behavior was the cloud, where data from many customers could be pooled and processed at a scale no single company could manage alone. Alperovitch, the original chief technology officer, built a threat intelligence practice that publicly attributed major intrusions to specific nation-state groups, which raised the company's profile well beyond the security trade. That incident response work fed a steady stream of real attack data back into the product. The company went public on the Nasdaq in 2019 at a valuation of roughly 6.6 billion dollars, one of the more closely watched software listings of that year.
The Falcon platform is the whole of the business, and its defining feature is the single agent. A small piece of software, the sensor, is installed once on a laptop, server, or cloud workload, and from that one footprint the customer can switch on a growing list of capabilities without deploying anything new. As of 2025 the platform spanned more than twenty modules covering endpoint protection, cloud security, identity protection, data protection, security and information technology operations, threat intelligence, and log management. Because every module rides on the same sensor and reports into the same cloud, turning on a new one is a configuration change rather than an installation project. This is the technical foundation of the company's commercial model. A customer typically lands with one or two modules, most often endpoint detection and response, sees value quickly because deployment is light, and then expands by adding more over time. The industry shorthand for this is land and expand, and CrowdStrike is one of its clearest examples. The metric the company emphasizes is annual recurring revenue, the annualized value of its subscriptions, which grew from a few hundred million dollars in its early public years to past five billion dollars by the 2025 to 2026 period. Growth comes from both new customers and from existing ones buying more modules, and the share of customers running many at once has risen steadily.
The economic engine rests on data scale and on the switching costs the platform creates. Every sensor in the field feeds telemetry into a shared cloud, and that pooled stream of activity, drawn from a very large installed base, trains the detection models that decide what is normal and what is an attack. A larger base produces more data, which sharpens detection, which helps win more customers, a loop hard for a smaller rival to match because the advantage compounds with size. On top of that data moat sits a commercial one. Once a company routes its endpoint, cloud, and identity security through Falcon and trains its team on the single console, replacing it means reinstalling agents across the fleet, rebuilding workflows, and retraining staff. That friction grows with every additional module adopted, which is why the expand half of the model matters so much. The more of its security stack a customer consolidates onto Falcon, the larger and stickier the recurring contract becomes. In recent years the company has pushed this further with a purchasing model called Falcon Flex, which lets customers commit to a pool of spending they can allocate across modules as needs change, lowering the friction of adopting new parts of the platform.
The single most important event in the company's history was the outage of July 19, 2024. A faulty configuration update to the Falcon sensor on Windows, a file used to screen a category of system activity, contained a logic error that caused an out-of-bounds memory read and crashed the operating system. Roughly 8.5 million Windows machines failed and could not restart normally, many caught in boot loops that required hands-on repair. Because Falcon is widely deployed in critical infrastructure, the damage spread fast across airlines, airports, banks, hospitals, retailers, broadcasters, and government services. Thousands of flights were cancelled and the global financial cost was estimated in the tens of billions. CrowdStrike identified the error and reverted the change within about an hour and a half, but that did nothing for machines already crashed, since they could not connect to receive the fix, and recovery required manual intervention at scale. The episode was not a breach and no attacker was involved, which mattered for the company's core claim of security competence, but it was a severe failure of software quality and release process in a product trusted to sit deep inside customer machines.
The recovery since the outage is central to any current read of the company. CrowdStrike responded with customer commitment packages, a mix of discounts, additional modules, professional services, and flexible payment terms offered to affected customers, which cushioned relationships at the cost of some near-term revenue. It also overhauled how sensor updates are tested and released, adding staged rollouts and customer controls so that a single bad update can no longer reach the entire base at once. The financial results that followed suggested the customer base largely stayed. Gross retention held around 97 percent through the period, meaning the company kept the overwhelming majority of the recurring revenue it already had, and annual recurring revenue continued to grow at rates in the mid-twenties percent even as the commitment packages weighed modestly on reported figures. Leadership characterized the period as one of the company's strongest, a claim that has to be weighed against the fact that the crisis was of its own making. The durability the platform showed, with most customers choosing the cost and disruption of staying over that of ripping the agent out, is itself evidence of the switching costs described above.
Competition is intense and comes from several directions. The most strategically significant rival is Microsoft, which bundles its Defender security tools into the enterprise software and cloud subscriptions that most large organizations already buy, giving it a pricing and distribution advantage that no specialist can match on cost alone. SentinelOne competes directly in endpoint protection with its own autonomous, machine-learning approach and positions itself as the nimble alternative. Palo Alto Networks contests the cloud and operations ground through its Cortex line as it pursues its own consolidation strategy, and the two increasingly push into each other's territory. Trend Micro and a long list of specialists in individual categories round out the field. CrowdStrike's answer is that its single-agent breadth, its data scale, and the quality of its detection let it both win the endpoint contest and pull customers onto adjacent modules faster than rivals can follow. In independent industry evaluations it has been placed repeatedly among the leaders in endpoint protection, and it holds one of the larger shares of that specific market, though the broader security market is fragmented and no vendor dominates across every category.
Leadership has been stable at the top through the company's history and its crisis. George Kurtz, a co-founder, remains chief executive and the public face of the company, and his continued presence through the 2024 outage gave the recovery a consistent voice. Michael Sentonas serves as president and has taken a prominent role in the platform strategy, and Burt Podbere has served as chief financial officer through the period, with a reputation among analysts for disciplined guidance. The forward strategy centers on extending the platform into newer security domains and on artificial intelligence. The company has built a generative assistant called Charlotte AI into Falcon and has been developing it toward agentic operation, software that can investigate alerts and take defined response actions within human-set limits, a direction the whole industry is moving as security teams face more alerts than people can review. The bet is that the same single-agent, single-data-cloud architecture that won the endpoint market becomes the natural place to run autonomous security operations.
The risks are specific and worth naming. The outage demonstrated that a software quality failure in a product with deep system access can cause damage out of all proportion to the company's intent, and the legal aftermath, including litigation with Delta Air Lines in which each side blamed the other for the airline's losses, can run for years and carry both financial and reputational weight. The Microsoft bundling threat is structural rather than cyclical, since a competitor giving away adequate security inside a subscription customers already pay for can cap pricing power over time. The land-and-expand model depends on customers continuing to adopt more modules, and any slowdown in that appetite, whether from budget pressure or a renewed preference for best-of-breed specialists, would slow the growth that supports a valuation long carrying the premium typical of fast-growing software. Demand is tied to enterprise technology spending and to the threat environment, both of which can shift. And the company must now prove that its release-process reforms hold, because a second large outage would be far harder to recover from than the first.
For an investor trying to frame CrowdStrike Holdings, Inc., the company sits on a real structural advantage, a single-agent platform whose pooled data improves with scale and whose switching costs deepen as customers consolidate more of their security onto it, an advantage durable enough that most customers stayed through a self-inflicted outage of historic size. The trade-off is that the same depth of system access that makes the product valuable also makes a quality failure catastrophic, and the same recurring-revenue breadth that competitors envy is contested at the low end by a rival that can bundle security for free. The forward question is whether the platform's data and consolidation advantages compound faster than Microsoft's distribution erodes pricing and faster than the memory of the 2024 outage fades, and whether the move into agentic AI security extends the moat or simply matches what every rival is building. Live price, fundamentals, and AI analyst coverage on this page track how that question is being answered in the market.