CrowdStrike
American cybersecurity technology company
CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services.[3]
- Nasdaq: CRWD (Class A)
- Nasdaq-100 component
- S&P 500 component
| Company type | Public |
|---|---|
| Industry | Information security |
| Founded | 2011 |
| Founders | |
| Headquarters | United States |
| Key people | |
| Revenue | |
| Total assets | |
| Total equity | |
| Number of employees | 10,118 (FY25) |
| Website | www |
| Footnotes / references | Financials as of fiscal year ended January 31, 2025. References:[2] |

CrowdStrike investigated several high-profile cyberattacks, including the 2014 Sony Pictures hack, the 2015–16 cyberattacks on the Democratic National Committee (DNC), and the 2016 email leak involving the DNC.[4][5] On July 19, 2024, it issued a faulty update to its security software that caused global computer outages that disrupted air travel, banking, broadcasting, and other services.[6][7][8]
History
CrowdStrike was co-founded in 2011 by George Kurtz (CEO), Dmitri Alperovitch (former CTO), and Gregg Marston (CFO, retired).[9][10][11][12] The following year, the company hired Shawn Henry, a former Federal Bureau of Investigation (FBI) official, to lead the subsidiary CrowdStrike Services, Inc., which offered security and response services.[13][14] The company launched CrowdStrike Falcon, an antivirus package, as its first product in June 2013.[15][16]
In May 2014, CrowdStrike's reports helped the United States Department of Justice charge five Chinese military hackers with economic cyber espionage against U.S. corporations.[17] CrowdStrike also uncovered the activities of Energetic Bear, a group connected to Russia's Federal Security Service which conducted intelligence operations against global targets, primarily in the energy sector.[18]
Following the 2014 cyberattack on Sony Pictures, CrowdStrike identified evidence suggesting North Korean government involvement and provided analysis on the methods used in the attack.[19] CrowdStrike also helped identify members of Putter Panda, the state-sponsored Chinese group of hackers also known as PLA Unit 61486.[20][21]
In May 2015, the company reported a serious security problem called VENOM. It was found in QEMU, a program used to run virtual computers, and could let hackers steal private information.[22][23] In October 2015, the company announced that it had identified Chinese hackers attacking technology and pharmaceutical companies around the time that U.S. President Barack Obama and China's leader Xi Jinping publicly agreed not to conduct economic espionage against each other. The alleged hacking would have been in violation of that agreement.[24]
In July 2015, Google invested in the company's Series C funding round.[25][26][27]
In 2017, CrowdStrike reached a valuation of more than $1 billion with an estimated annual revenue of $100 million.[28] In June 2018, the company said it was valued at more than $3 billion.[26] Investors at the time included Telstra, March Capital Partners, Rackspace, Accel Partners and Warburg Pincus.[29][30]
In June 2019, the company made an initial public offering on the Nasdaq.[31][32]
In 2020, CrowdStrike launched a tool called Falcon Identity Threat Protection to help protect user identities. In 2022, it became a managed service, meaning CrowdStrike started running it for customers. That same year, they added a cloud-based threat hunting feature to look for signs of attacks.[33][34]
In December 2021, the company moved its headquarters location from Sunnyvale, California, to Austin, Texas.[35]
In 2023, CrowdStrike introduced CrowdStream service in collaboration with Cribl.io.[36] Charlotte AI, CrowdStrike's generative AI security analyst, was launched in May 2023 as part of Falcon's AI-driven security updates, enhancing automated threat triaging and response.[37]
In September 2023, CrowdStrike launched Falcon Foundry, a no-code application development platform directed at a wider audience,[38] and in September 2024, the company launched CrowdStrike Financial Services, which offers payment solutions and financing to improve access to the Falcon platform.[39]
The company joined the S&P 500 index in June 2024.[40]
Acquisitions
CrowdStrike has a history of acquisitions, including:
- November 2017: Payload Security (develops automated malware analysis sandbox technology)[41]
- September 2020: Preempt Security (zero trust and conditional access technology provider): $96 million[42]
- February 2021: Humio (Danish log management platform): $400 million[43]
- November 2021: SecureCircle (SaaS-based cybersecurity service)[44]
- October 2022: Reposify (an external attack surface management vendor for risk management)[45]
- September 2023: Bionic.ai (Israeli cybersecurity startup)[46]
- November 2024: Flow Security ($200 million) and Adaptive Shield ($300 million) (Israeli cloud security startups)[47][48]
- August 2025: Onum (Spanish company focused on managing real-time telemetry pipelines)[49]
- January 2026: SGNL (California-based identity security firm): $750 million[50]
- January 2026: Seraphic Security (Israel-based cybersecurity firm specializing in browser runtime security): $420 million[51]
Earnings
In 2024, total revenue was $3.06 billion, a 36% increase.[57]
Russian hacking investigations
CrowdStrike helped investigate the Democratic National Committee cyberattacks and a connection to Russian intelligence services.[58] On 20 March 2017, then-FBI director James Comey testified before Congress, stating:[59]
"CrowdStrike, Mandiant, and ThreatConnect review[ed] the evidence of the hack and conclude[d] with high certainty that it was the work of APT 28 and APT 29 who are known to be Russian intelligence services."
Comey previously testified in January 2017 that a request for FBI forensics investigators to access the DNC servers was denied, saying CrowdStrike agreed to share information.[60]
In December 2016, CrowdStrike released a report stating that Russian government-affiliated group Fancy Bear had hacked a Ukrainian artillery app.[61] The report concluded that Russia had used the hack to cause large losses to Ukrainian artillery units. The app (called ArtOS) was installed on tablet PCs and used for fire-control.[62] CrowdStrike also found a hacked variation of POPR-D30 being distributed on Ukrainian military forums that utilized an X-Agent implant.[63]
The U.K.-based think tank International Institute for Strategic Studies said CrowdStrike’s report wrongly used its data and denied that hacking caused Ukraine’s artillery losses. The Ukrainian Ministry of Defense also rejected the CrowdStrike report, stating that actual artillery losses were much smaller than what was reported by CrowdStrike and were not associated with Russian hacking.[64] Prior to this, CrowdStrike had published a report claiming that malware used in Ukraine and against the Democratic National Committee (DNC) appeared to be unique and identical, offering it as further evidence for a Russian origin of the DNC attack.[65]
Cybersecurity firm SecureWorks discovered a list of email addresses targeted by Fancy Bear in phishing attacks. The list included the email address of Yaroslav Sherstyuk, the developer of ArtOS.[66] Additional Associated Press research supports CrowdStrike's conclusions about Fancy Bear.[67] Radio Free Europe notes that the AP report "lends some credence to the original CrowdStrike report, showing that the app had, in fact, been targeted."[68]
2024 IT outages

On 19 July 2024, CrowdStrike released a faulty configuration update for its Falcon Sensor software on Microsoft Windows systems. The update caused around 8.5 million computers to crash and fail to restart properly. The disruption affected organizations in many sectors, including airlines, healthcare providers, financial institutions, media companies, and government services in multiple countries.[69][70]
CrowdStrike identified the faulty configuration update as the cause of the incident and stated that it was not the result of a cyberattack. The company released guidance and tools to help customers restore affected systems. Chief executive George Kurtz and other senior leaders issued public apologies, saying the company was “deeply sorry” for the disruption and announcing planned process changes to reduce the risk of similar incidents in the future.[71][72][73]
The outage led to industry and policy discussions about the risks associated with widely used, centralized security software and the importance of improving operational resilience in global information technology infrastructure.[74][75]
Delta lawsuits
Delta Air Lines and CrowdStrike filed lawsuits against each other following the July 2024 Falcon software update.[76][77][78]
On October 25, 2024, Delta filed a lawsuit against CrowdStrike in Georgia state court, seeking approximately $500–550 million in damages. The airline said the claim covered flight cancellations, lost revenue, and costs related to restoring its operations after the Falcon software update.[79][80] A Georgia judge allowed Delta to proceed with key claims in its lawsuit, including allegations of gross negligence and computer trespass, while limiting certain fraud claims.[76][81]
On the same day that Delta filed its lawsuit, CrowdStrike filed a separate suit in the United States District Court for the Northern District of Georgia. The company sought a declaratory judgment stating that any liability arising from the July 2024 incident is limited by the terms of the parties’ service contract.[82]
CrowdStrike acknowledged that the flawed configuration update caused the global outage. The company stated that it identified the issue quickly and released a corrective update, and that most major airline customers were operating at near-normal levels by the following day.[78][83] Delta experienced longer disruptions than other major airlines following the outage. CrowdStrike argued that the extended impact on Delta was due to the airline’s own information technology architecture and operational decisions, including its reliance on Microsoft Windows systems and its approach to system recovery, rather than the software update itself.[83][84][78]