CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Sunnyvale, California. It provides endpoint security, threat intelligence, and cyberattack response services. The company has been involved in investigations of several high-profile cyberattacks, including the 2014 Sony Pictures hack, the 2015–16 cyber attacks on the Democratic National Committee (DNC), and the 2016 email leak involving the DNC.
CrowdStrike was co-founded by George Kurtz (CEO), Dmitri Alperovitch (CTO), and Gregg Marston (CFO, retired) in 2011. In 2012, Shawn Henry, a former Federal Bureau of Investigation (FBI) official, was hired to lead sister company CrowdStrike Services, Inc., which focused on proactive and incident response services. In June 2013, the company launched its first product, CrowdStrike Falcon, which provided threat intelligence and attribution to nation-state actors conducting economic espionage and IP theft.
In May 2014, CrowdStrike's reports assisted the United States Department of Justice in charging five Chinese military hackers for economic cyber espionage against United States corporations. CrowdStrike also uncovered the activities of Energetic Bear, a group connected to the Russian Federation that conducted intelligence operations against global targets, primarily in the energy sector.
After the Sony Pictures hack, CrowdStrike uncovered evidence implicating the government of North Korea and demonstrated how the attack was carried out. In 2014, CrowdStrike played a major role in identifying members of Putter Panda, the state-sponsored Chinese group of hackers also known as PLA Unit 61486.
In May 2015, the company released information about VENOM, a critical flaw in an open-source hypervisor called Quick Emulator (QEMU), that allowed attackers to access sensitive personal information. In October 2015, CrowdStrike announced that it had identified Chinese hackers attacking technology and pharmaceutical companies around the time that US President Barack Obama and China's paramount leader Xi Jinping publicly agreed not to conduct economic espionage against each other. The alleged hacking would have been in violation of that agreement.
CrowdStrike released research in 2017 showing that 66 percent of the attacks to which the company responded that year were fileless or malware-free. The company also compiled data on the average time needed to detect an attack and the percentage of attacks detected by organizations themselves.
In February 2018, CrowdStrike reported that, in November and December 2017, it had observed a credential harvesting operation in the international sporting sector, with possible links to the cyberattack on the opening ceremonies of the Winter Olympics in Pyeongchang. That same month, CrowdStrike released research showing that 39 percent of all attacks observed by the company were malware-free intrusions. The company also named which industries attackers most frequently targeted. That March, the company released a version of Falcon for mobile devices and launched the CrowdStrike store.
In January 2019, CrowdStrike published research reporting that Ryuk ransomware had accumulated more than $3.7 million in cryptocurrency payments since it first appeared in August.
According to CrowdStrike's 2018 Global Threat Report, Russia has the fastest cybercriminals in the world. The company also claimed that, of 81 named state-sponsored actors it tracked in 2018, at least 28 conducted active operations throughout the year, with China being responsible for more than 25 percent of sophisticated attacks.
In September 2020, CrowdStrike acquired zero trust and conditional access technology provider Preempt Security for $96 million.