CrowdStrike Holdings, Inc.
CorpDigest
CrowdStrike Holdings, Inc.
Company History
Founded 2011 in Austin, Texas
Last reviewed: 2025-07-15 · By Swet Parvadiya
2011. George Kurtz, who had been CTO of McAfee, co-founds CrowdStrike with Gregg Marston, Dmitri Alperovitch, and Bimal Patel. The founding premise was specific: legacy antivirus software was fundamentally broken because it relied on signature databases — lists of known bad files — that required constant updates and caught nothing new until after the first victim was already compromised. The signature model was reactive. The future was behavioral.
The Falcon platform emerged from stealth in 2012 with a cloud-native architecture that sent telemetry to a central processing system rather than running detection logic locally on each endpoint. That architectural decision was controversial. Enterprise security buyers were accustomed to owning their security infrastructure. Sending endpoint telemetry to a third-party cloud was a trust leap. CrowdStrike spent the early years making the case that cloud-based threat detection was faster and more comprehensive than on-premise alternatives.
The 2016 attribution of the Democratic National Committee hack to Russian intelligence — published by CrowdStrike's Counter Adversary Operations team — put the company on the front page of every newspaper in America. The attribution was contested by Russian officials and, briefly, by domestic political actors. The controversy generated more public attention for CrowdStrike than any marketing campaign could have purchased.
The 2019 NASDAQ IPO raised $612 million at an initial valuation of approximately $6.6 billion, giving Kurtz the currency to accelerate platform development. The post-IPO expansion into identity protection, threat intelligence, and cloud security transformed the company from an endpoint vendor into a broader security platform — which is exactly what the 115% net dollar retention rate reflects.
George Kurtz is the co-founder and Chief Executive Officer of CrowdStrike, having led the company from its inception in 2011 to a $65 billion market capitalization enterprise software giant. Prior to founding CrowdStrike, Kurtz served as the Chief Technology Officer at McAfee, where he oversaw the development of the company’s endpoint security products and gained firsthand insight into the limitations of signature-based antivirus software. Kurtz’s technical expertise and visionary leadership were instrumental in architecting the Falcon platform’s cloud-native, single-agent architecture, which revolutionized the cybersecurity industry by eliminating the performance degradation associated with legacy security software. Under his leadership, CrowdStrike has achieved a 36% compound annual growth rate, expanded its total addressable market to $100 billion, and established the Threat Graph as the industry’s most comprehensive telemetry engine. Kurtz is a frequent speaker at global security conferences and a recognized expert in adversary tradecraft, threat intelligence, and cloud-native security architecture.
Gregg Marston is the co-founder and former President of CrowdStrike, bringing extensive enterprise software commercialization experience to the founding team. Prior to CrowdStrike, Marston served as the President and Chief Operating Officer of AirDefense, a wireless security company that was acquired by IBM in 2007, and held senior leadership roles at Network Associates (later McAfee). Marston’s expertise in building and scaling channel partner ecosystems was instrumental in developing CrowdStrike’s 10,000-partner global reseller network, which now drives 70% of the company’s new business. His strategic guidance during CrowdStrike’s 2019 IPO and subsequent follow-on offerings ensured that the company maintained optimal capital structure while funding aggressive research and development initiatives. Marston’s commercial acumen and deep relationships with Fortune 500 CIOs provided CrowdStrike with the critical early adopters needed to validate the cloud-native endpoint protection model and establish the data network effect that underpins the company’s competitive advantage.
Dmitri Alperovitch is the co-founder and former Chief Technology Officer of CrowdStrike, recognized globally as one of the foremost experts on nation-state cyber threats and adversary tradecraft. Born in Russia and educated in the United States, Alperovitch brought deep technical expertise and extensive connections in the global intelligence community to the CrowdStrike founding team. He established and led the Counter Adversary Operations team, a 300-person elite unit of former intelligence officers and reverse engineers who track 200 distinct threat actor groups, including state-sponsored APTs from Russia, China, Iran, and North Korea. Alperovitch’s threat intelligence research was instrumental in CrowdStrike’s high-profile 2016 attribution of the Democratic National Committee hack to Russian military intelligence, a moment that cemented the company’s reputation as the industry’s leading threat intelligence provider. His contributions to the Falcon platform’s indicator of attack (IOA) engine and threat intelligence feeds established the data foundation that allows CrowdStrike to detect and block novel adversary behaviors in an average of 19 seconds.
George Kurtz, Gregg Marston, Dmitri Alperovitch, and Bimal Patel founded CrowdStrike with $5 million in seed funding from General Atlantic and Accel Partners, establishing the vision for a cloud-native endpoint protection platform.
CrowdStrike launched the Falcon platform to a handful of early Fortune 500 adopters, introducing a lightweight agent that consumed less than 1% of CPU resources and streamed telemetry to a centralized cloud architecture.
CrowdStrike publicly attributed the Democratic National Committee cyber breach to two Russian nation-state threat actors, Fancy Bear and Cozy Bear, cementing its reputation as the industry’s leading threat intelligence provider.
CrowdStrike completed a $612 million initial public offering on the NASDAQ under the ticker CRWD, pricing shares at $34 and establishing the capital base required to accelerate research and development and pursue strategic acquisitions.
CrowdStrike introduced its first generative AI capabilities, laying the groundwork for Charlotte AI, which would eventually allow security analysts to query the Threat Graph using natural language prompts.
CrowdStrike acquired Humio for approximately $400 million, rebranding the technology as LogScale to enter the $4 billion log management market and provide a next-generation SIEM capable of ingesting petabytes of data.
CrowdStrike reached $3.06 billion in total revenue for fiscal year 2024, representing a 36% year-over-year increase and achieving its first full year of GAAP profitability with $140 million in operating income.
A faulty logic update to Channel File 291 caused 8.5 million Windows devices to encounter a Blue Screen of Death, triggering a global IT crisis and prompting CISA to issue guidelines urging enterprises to diversify their security stack.
CrowdStrike acquired Humio to enter the $4 billion log management market and provide a next-generation SIEM capable of ingesting petabytes of security and IT operations data at a fraction of the cost of legacy SIEMs like Splunk.
CrowdStrike acquired Bionic to enhance its Falcon Cloud Security module with application security posture management (ASPM) capabilities, enabling the company to offer a comprehensive cloud-native application protection platform (CNAPP) that competes with Wiz and Prisma Cloud.
CrowdStrike acquired Flow Security to add data security posture management (DSPM) capabilities to the Falcon platform, enabling customers to discover, classify, and protect sensitive data across multi-cloud environments and SaaS applications.
CrowdStrike was founded in 2011 by George Kurtz (former McAfee CTO), Dmitri Alperovitch (former McAfee threat intelligence executive), and Gregg Marston in Austin, Texas (later moving to Sunnyvale, California then back to Austin), pioneering cloud-native endpoint protection platform replacing traditional signature-based antivirus with behavioral analytics and threat intelligence. The founders identified that traditional cybersecurity vendors (Symantec, McAfee, Trend Micro) couldn't effectively address sophisticated nation-state and criminal threats requiring cloud-native architecture supporting real-time threat intelligence sharing and behavioral analytics. Strategic emphasis on cloud architecture, threat intelligence (CrowdStrike Intelligence team monitoring nation-state actors and criminal groups), and platform integration supported rapid customer adoption. The June 2019 IPO at $34 per share raised $612 million, with stock reaching $400+ by 2021 reflecting strong growth and strategic positioning. Revenue grew from $53 million (FY2017) to $3.06 billion (FY2024) through patient strategic execution.
CrowdStrike's December 2014 attribution of Sony Pictures Entertainment hack to North Korean state-sponsored group (Guardians of Peace, eventually linked to Lazarus Group) established CrowdStrike's reputation as leading threat intelligence and incident response firm capable of identifying sophisticated nation-state attackers. The investigation provided critical attribution supporting FBI and US government response to the attack that destroyed Sony data, leaked confidential emails, and damaged Sony operations causing $100+ million in losses. CrowdStrike's threat intelligence capabilities (CrowdStrike Falcon Intelligence) gained significant industry recognition supporting subsequent customer acquisitions and competitive positioning. Subsequent high-profile attribution work included Russian DNC hack investigation (2016), various Chinese state-sponsored attacks attribution, North Korean WannaCry ransomware attribution (2017), and various other major incident attribution supporting threat intelligence reputation. The continued threat intelligence work supports CrowdStrike's distinctive competitive positioning versus traditional cybersecurity vendors.
CrowdStrike investigated 2016 Democratic National Committee email server breach attributing the attack to Russian state-sponsored groups APT28 (Fancy Bear, GRU military intelligence) and APT29 (Cozy Bear, FSB), with subsequent CrowdStrike findings supporting FBI investigation and Mueller report conclusions about Russian interference in 2016 US election. The investigation involvement created political controversy with various Trump administration challenges to CrowdStrike's findings, including President Trump's July 2019 phone call with Ukrainian President Zelensky requesting investigation of CrowdStrike Ukraine operations (false claim that DNC server was 'somewhere in Ukraine'). The political controversy created reputational challenges though CrowdStrike's technical attribution work received continued endorsement from US intelligence community and law enforcement supporting findings credibility. Strategic implications included continued politicisation challenges affecting government customer relationships, plus continued threat intelligence reputation supporting commercial customer relationships across various industries.
CrowdStrike caused unprecedented global IT outage on July 19, 2024 when faulty Falcon sensor update (Channel File 291 update at 04:09 UTC) caused Windows systems running Falcon to crash into Blue Screen of Death (BSOD), affecting approximately 8.5 million Windows devices worldwide creating massive operational disruption across airlines, hospitals, banks, retailers, and various other industries. The outage caused estimated $5+ billion in business interruption losses globally with Delta Air Lines alone reporting $500+ million in losses plus subsequent lawsuits seeking damages. CrowdStrike's response included immediate update rollback, technical assistance for affected customers requiring manual remediation (boot to safe mode, delete faulty file), CEO George Kurtz public apologies, and various customer remediation efforts. Strategic impact included approximately $30+ billion stock price decline (35% decline immediately, gradual recovery), continued customer trust challenges, contractual liability exposure, and various other reputational and financial impacts. Recovery efforts have continued through subsequent quarters supporting customer relationships.