Platform versus Platformization:  George Kurtz on why CrowdStrike is winning the platform battle

Editor’s Note: This is part one of a two-part series.

VentureBeat recently sat down (virtually) with George Kurtz, president, CEO, and co-founder of cybersecurity company CrowdStrike, to learn more about the company’s data-centric approach and vision for the future of cybersecurity. CrowdStrike’s single-agent, unified platform architecture is cloud-based, enabling their customers to easily add new services while combining human intelligence with AI. Combining human-based contextual intelligence gained from incident response and threat hunting with data-driven insights from AI and machine learning (ML) is central to Kurtz’s vision of the future of cybersecurity.

Kurtz has more than 30 years of experience in the cybersecurity industry, including extensive experience driving revenue growth and scaling organizations globally. His prior roles at McAfee, a $2.5 billion security company, include Worldwide Chief Technology Officer and general manager as well as executive vice president of Enterprise. 

CrowdStrike was founded in 2011 and launched its first product, its threat intelligence module, in July 2012. Fourth quarter FY 2024 revenue was $845.3 million, a 33% increase, compared to $637.4 million in the fourth quarter of fiscal 2023. Subscription revenue also soared in the latest quarter, increasing to $795.9 million in the fourth quarter of FY 2024, up from $598.3 million in the fourth quarter of FY 2023, achieving a 33% increase in 12 months. 

 VentureBeat: Can you articulate your vision of cybersecurity and how CrowdStrike will shape the future, given the speed of threats, including the role of generative AI?

George Kurtz: A big part of our strategy since I started the company is leveraging security data as a key element to solve the security challenges that we have. A data-centric approach is the one that will ultimately win, given how fast adversaries and threats evolve. From the beginning, a big part of our focus has been on how we get data into the platform. 

What we found is that customers have so many different point products and manual tasks that have to happen. When you bring this together in a single platform, with one agent, one console and workflow automation, you get a great outcome, which I think in part has been why CrowdStrike has been so successful. A key element has been the fact that we are leaders in incident response. It’s pretty much us and Mandiant (Google) responding to big breaches. We understand how threat actors work. We have hundreds of people on our intel team, studying the adversary and driving our adversary approach to stopping breaches.

 I think our customers and the industry believe that having the data, having it organized, and using the data not only for AI training but for other outcomes, is a big part of the platform story. 

Kurtz said the single agent platform provides one place to have the data that can be used for creating different use cases, enriching aggregated data with AI and algorithms.

VB: How does a single-agent architecture enable CrowdStrike to gain greater scale from human intelligence as threats become more nuanced and difficult to decipher from data alone? 

Kurtz:  It goes back to the people-process-technology adage. You can’t do this with just technology. You certainly can’t do it with just people, and a process without the others doesn’t make sense.  Looking across these areas, we’ve been bringing this together and doing things – like managed detection response (MDR) – before the industry even had a name for it. We created this category before it even had a name from Gartner.

We look at it like this; how do we have a view of what’s happening across the entire globe? How do we make sense from a machine perspective? But then, how do we bubble things up that only humans can deal with to make sure that if there is an adversary or hands-on keyboard activity, we can stop the breach.

The single-agent platform supports our approach of collect, train, protect and evolve. That hasn’t changed since we started the company. The human element of incident responders including data scientists, threat hunters and intelligence, enriches the data set that we have and allows us to continually train, protect, and evolve the models to get the best outcome for customers.

VB: How does your single agent, unified platform impact how you look at acquisitions? For example, your latest acquisition, Flow, is this a consideration? 

Kurtz: From an acquisition perspective, culture and technology fit is a priority.  If there isn’t a culture and fit and an ethos that is similar to ours, then we won’t do a deal. 

Flow Security in the data protection area is a great example. They have a great team and great technology.  Flow is about more than protecting your endpoints and your workloads. In today’s environment, data is flowing, not just on your PC, but it’s flowing into Salesforce, it’s flowing into Workday, it’s flowing into Amazon.  You have to understand where the data is, what type of data it is, and how it flows and who has access to it, and then create guardrails around it.  

We’ve built some fantastic data protection technology on the endpoint to help replace what I would call Legacy DLP. With Flow, we get that whole cloud view. So, the beauty of our model now is being able to tie together the data as it flows, with the systems that it flows on, and the identity of the users. Identity is an element of what CrowdStrike does, and that’s the holy grail. You have where the data resides, you have the identity of who’s accessing it or creating it, and then you have the data itself and where it flows, and, like I said, the ability to put guardrails around it.

We just closed the Flow deal, but we’ve taken a very thoughtful approach of: “How do we get it integrated? When do we go to market with it?” As opposed to many of our competitors that buy things and throw it out there, we take a very deliberate approach to how we bring it into the fold so it’s always delivering on the single agent, single platform concept.

VB: What are the core principles of single-agent architecture in cybersecurity? How has your perspective of a single-agent platform architecture changed since starting the company? 

Kurtz: I can tell you how my perspective has changed, given its success, and how it was really a key part of my thesis. A company I founded was acquired by McAfee in 2004. I spent seven years there in various roles. I took the role of CTO the third time I was asked, and I had an umbrella of technologies below me. And what I saw was a hodgepodge of acquisitions.

Now, we had a great run, but we bought 21 different companies, and we could never get these agents smashed together with a single-agent architecture.  We’d have to go into a customer, and they would say, “Okay, well, I have to deploy yet another agent. Oh, and by the way, you want me to reboot the system.” 

So, my brand promise to our customers has been a single agent, with no reboots. We are the only company in the industry without a reboot when you install it. The idea is that a single agent collects the data one time and then puts it into a common data set. So step one was to get data, as opposed to many of our competitors that were focused on prevention first, which forced them to sacrifice on architecture.

When you look at where we are today in 2024 versus 2014, there are so many more use cases that we can solve because we’ve already collected the data. Data protection, we’ve collected the data, exposure management, vulnerabilities and assets and exposures, we have it. We already have workflows natively built in. Cloud security, we’ve got a whole complement of technologies that go around it. So, the single agent has been critical. This is the core of a true platform.

VB: Can you speak to how CrowdStrike’s approach to providing a single agent platform helps keep it open and extensible?  

Kurtz: Over the years, customers have asked vendors to open up their platforms. Many in the industry didn’t because it’s a hodgepodge mess of data that comes in from other vendors. Ours is very well-organized in a graph on the endpoint and a graph in the cloud. With our Raptor release and with LogScale natively built in, we have the third-party ingest.

It gets back to my overall thesis. If you think data is going to solve the security problem, which I  do, and I think many of our customers do, now we have the ability to pull that third-party data together, do correlations, and answer questions that have never been answered before, saving customers time and money. 

You look at next-generation security information and event management (SIEM). Why take all of this data and ship it somewhere else, when we can take 15% of the data we don’t actually generate and import it and get a better outcome? So again, it gets back to this data fabric we’ve created, but now we’re really excited with LogScale Next-Gen SIEM being natively built in. And, you’ve seen the success in the public quarterly reports, $150 million annual recurring revenue just in Next-Gen SIEM in a very short period.

VB: It seems a single agent platform has the potential to deliver greater fluidity of data at scale while calling a series of bolted-on apps a platform sacrifices fluidity and speed for product breadth. What are your thoughts on that?   

Kurtz: Well, it’s absolutely true. So let’s go back in time for a minute, and I’ll give you the thinking behind CrowdStrike. In 2011, when I started the company, if you looked at true platform companies, you had Workday, you had ServiceNow, you had Salesforce. What was there in security in 2011? Nothing. It wasn’t McAfee, it wasn’t Symantec, it wasn’t Palo Alto, it wasn’t CheckPoint. You had firewall companies and kind of legacy software companies that were out there. 

So we started with a platform that was born-in-the-cloud and AI-native. We were solving problems using AI before it was fashionable. This is not something new to us. Generative AI is obviously a newer AI technique that came about 18 months ago, but we wanted to be the Salesforce of security because there was no foundational platform company.

And what does that mean? It means it’s born in the cloud, which we are. It’s a blank white sheet of paper. We don’t have any legacy issues that we have to worry about because we started from scratch. We have a sales model and a revenue model, which is annual recurring revenue. So we don’t sell hardware, we don’t sell term licenses, we sell subscriptions. 

VB: Can you explain how single-agent architectures streamline the update and maintenance process, contributing to lifetime customer value?

Kurtz: Sure. We provide customers with a single platform, single console, and single agent. So, when we add a new capability, such as data protection, guess what we have to change? Nothing. Guess what the customer has to do? Sign a PO. There’s nothing to deploy. It’s all there. They just turn it on. 

 We have an in-app trial that brings a kind of consumerized mindset to the enterprise. “Hey, if you want to try something, you’ll get 15 days. No problem. Just click here. By the way, we already have the data. All we have to do is turn the module on so you can go into it and play with it.”

This is the reason CrowdStrike is so sticky, and why when you look at our net retention rates, they’re incredibly high. All we need to do with a customer is keep them happy and continue to deliver more capabilities. We don’t need to add any new agents. And the beauty of consolidation is, “Hey, you have Tanium? We can get rid of that. Do you have a vulnerability management tool? We can get rid of that. You’ve got a DLP tool? We can get rid of that. We can save you a ton of money, and all you need to do is just turn on your licenses and that’s it.” So, we don’t take six months to deploy an army of people to get things up and running. We don’t have boxes we have to ship. This is the elegance of the model.