사이버 보안
CrowdStrike (CRWD): 클라우드에서 사이버 공간을 방어하기

사이버 방어의 중요성
As more and more activities move to the digital realm, the more risks they entail as well. This is true not only in terms of increased competition or changing business strategies, but also in terms of actual security risks.
예를 들어, 과거에는 기업 자산을 훔치기 위해 직접 현장에 가야 했던 절도가 이제는 사이버 범죄자에 의해 원격으로 거의 눈에 띄지 않게 이루어질 수 있습니다. 또한, 협박은 기업의 직원이나 자산을 인질로 잡는 대신 기밀 데이터를 파괴하거나 공개하겠다는 위협, 혹은 기업의 운영을 차단하겠다는 요구로 나타날 수 있습니다.
그 결과, 사이버 보안은 급성장하고 있는 분야이며 앞으로도 더욱 성장할 것으로 예상됩니다. 현재 시장 규모는 2,450억 달러이며, 2030년까지 연평균 12.9% 성장할 것으로 전망됩니다.
사이버 보안 부문의 성장은 주로 새로운 기술 도입, 특히 B2B 사이버 보안을 위한 ERP(Enterprise Resource Planning)와 CRM(Customer Relationship Management) 소프트웨어, 그리고 클라우드 기반 서비스의 채택에 의해 추진됩니다. 동시에 사이버 공격의 빈도와 심각성도 증가하고 있습니다.

출처: Statista
데이터가 클라우드에 많이 저장될수록 사이버 보안 솔루션도 클라우드로 이동하는 것이 자연스럽습니다. 이 전략적 움직임을 앞선 기업이 바로 CrowdStrike였습니다.
(CRWD )
CrowdStrike: 클라우드 보안의 선두주자
CrowdStrike는 클라우드 퍼스트 접근 방식을 기반으로 사이버 보안을 시작했으며, B2B(기업 간) 시장에 강력히 집중했습니다.
2012년에 설립되었으며 초기 자금은 2,600만 달러에 불과했습니다. 2018년부터 글로벌 위협 보고서를 발표하기 시작했으며, 현재는 업계 최고의 정보원으로 자리매김하고 있습니다. 2019년에 상장했으며, 이후 여러 인수와 모듈 출시를 통해 완전한 엔드‑투‑엔드 사이버 보안 솔루션을 구축했습니다.
CrowdStrike가 초기부터 클라우드에 집중한 덕분에 자체 보안 서버에서 클라우드 서버로 전환하는 기업이 늘어날수록 데이터 보호에서 큰 경쟁 우위를 확보할 수 있었습니다.
이 회사는 개별 디바이스부터 기업 전체 IT 인프라까지 모든 수준에서 보안을 제공할 수 있습니다.

출처: CrowdStrike
The company counts among its clients most of the world’s largest organizations, notably:
- 18 of the 20 largest US banks.
- 44 out of 50 US States.
- >70% of the Fortune 100 companies.

출처: CrowdStrike
This makes CrowdStrike the world’s largest independent software vendor securing Windows systems, with the company working hand-in-hand with Microsoft (MSFT ).
CrowdStrike의 통합 사이버 보안 모델
CrowdStrike가 사이버 보안 도구를 통합하는 방식
A key point of Crowdstrike’s offer is that it brings together in a cloud environment what was before an extremely fragmented landscape of security solutions that needed to be integrated with each other.
예를 들어, 위협 인텔리전스(바이러스 및 특정 해커 그룹, 감염된 시스템 등에 대한 정보)는 이전에 McAfee나 Symantec 같은 소프트웨어에서 데이터 보호를 위해 사용되었습니다.
또는 SIEM(Security Information and Event Management)은 조직 내 보안 관련 데이터를 집계하는데, 이는 신원 확인 및 엔드포인트(디바이스) 보호와 함께 정리되어야 합니다.

출처: CrowdStrike
CrowdStrike의 구독 기반 수익 모델
Because Cybersecurity is something that needs to be deeply integrated into a company’s operations, the choice of a cybersecurity provider is a long-term one.
This results in CrowdStrike’s revenues being highly predictable, with 98% gross retention of its user accounts. CrowdStrike’s Annual recurring revenue (ARR) where $3.9B in Q2 2025, with a target of $10B fixed by the company for 2031.

출처: CrowdStrike
Another aspect of CrowdStrike is that the product is highly modular. Some companies might not need all the possible cybersecurity tools, or lack the ability to implement them yet. Others might only want to test some functions before deciding to replace their existing solutions entirely.
In all these cases, the client can choose to pick only a few modules of the whole platform.
On average, 7 modules are used per customer (for customers with $100K+ ending ARR). In total, 67% of users use 5 modules or more, and 21% use 8 modules or more. Generally, the older a customer, the more cybersecurity modules from CrowdStrike it adds to its systems.
CrowdStrike의 SIEM 보안 혁신
Security Information and Event Management, or SIEM, has been the initial core of cybersecurity strategy.
It is the activity of gathering and identifying all the potential weak points, concerned devices, their connections to each other, and the overall architecture of an organization’s digital systems, and their implications for cybersecurity.
It was also the least innovative and reactive segment of the industry, with a severe lack of innovation from incumbents.
CrowdStrike has worked to change that with a few key changes:
- Platform consolidation allows for smooth integration with other cybersecurity tools.
- A threat-first approach moving away from the outdated existing-infrastructure-first approach.
- Easy data imports.

출처: CrowdStrike
CrowdStrike가 새로운 사이버 시장을 창출하는 방법
Following its initial lead in cloud-based cybersecurity, the company has made somewhat of a habit to create new markets in the industry in response to evolving cyber-threats.
예를 들어, 신원 보호 부문을 만들었으며 2024년 2분기 매출 2억 달러에서 1년 뒤 3억5천만 달러로 성장했으며, 연간 70% 성장(4,000여 고객)을 기록했습니다.
이는 원격 근무가 확대되고 민감한 데이터 접근이 필요해짐에 따라, IT 시스템에 로그인하고 사용자를 식별하는 보안 수준을 크게 향상시킵니다.

출처: CrowdStrike
The same happened for cloud security, which is still growing extremely quickly, with a 80% year-to-year growth, reaching $515M revenues and >10,000 customers in Q2 2025.
And as the threats become more and more complex, the level of integration and innovation CrowdStrike display has been a winning proposition with increasingly anxious corporations regarding cyberthreats that are beyond their core competences. And that was before the ongoing generalization of AI capacities.

출처: CrowdStrike
CrowdStrike와 AI 기반 사이버 보안
As AIs’ capacities are exploding, this is both to the benefit and to the detriment of cybersecurity.
On one hand, this is a very powerful tool given to hacker and cyber criminals. For example, LLMs (Large Language Models) can now be used to try to pry out of unsuspecting employees passwords, confidential data, or create other vulnerabilities without human intervention at all.
For example, “vishing”, or voice phishing, is now using AIs to generate credible voice requests for sensitive information, like login credentials, credit card numbers, or bank details.
On the other hand, companies like CrowdStrike can now deploy AI systems to monitor safety in real time and at a scale not previously possible. For example the company recently released Charlotte AI, a generative AI for cybersecurity. This is an AI agent helping triage security alarms, remove false positives and has already stopped billions of security breaches.

출처: CrowdStrike
“AI also helps prioritize which alerts are likely urgent. Our analysts then spend their time on the highest-risk issues rather than sifting through noise.”
David Levin – CISO (Chief Information Security Officer) at American Express
AI can also make the integration of CrowdStrike to legacy cybersecurity tools and IT systems a lot easier, with adding data to CrowdStrike cloud tools almost seamless.

출처: CrowdStrike
CrowdStrike was also integrated in 2025년 5월 by NVIDIA (NVDA ) into its Enterprise AI Factory validated design
“CrowdStrike pioneered AI-native cybersecurity, and today we’re securing the standardized architecture that’s transforming how organizations innovate in the AI era.
Together with NVIDIA, we’re eliminating the guesswork from securing AI infrastructure with a validated reference architecture.”
Daniel Bernard – Chief Business Officer at CrowdStrike.
Overall, CrowdStrike sees AI-native cybersecurity platforms as a $116B total addressable market, with most of the industry still extremely fragmented and sub-scale for development of AI tools and data integration at the capacity CrowdStrike can deploy.
보다 유연하고 접근성 높은 제안
Falcon Flex
While being at the top of technical capacity is certainly important in a field as complex and quickly changing as cybersecurity, commercial offer can also have a huge impact on a company’s success.
A recurring issue for potential users of CrowdStrike was that they are not always sure of their present cybersecurity needs, and even less of future needs. As a result, a tendency to play it safe and stick to already implemented solutions, or to reluctantly expand subscriptions and modules have been common.
This is why CrowdStrike introduced Flacon Flex, a new licensing model for its flagship Flacon platform, with much less stringent and rigid subscription conditions:
- The subscription is now flexible, with a duration that can be changed from 1-5 years costlessly.
- The actual subscription costs can fluctuate depending on platform demand and usage.
- Modules can be swapped, making the costs of tentatively adopting a new module for a test a lot less daunting and expensive.
This has been a very successful offer, and since launch it has grown extremely quickly to represent a significant portion of CrowdStrike customers. In Q4 2024 these customers were “only” a $185M in total account value, which already grew to >$700M by Q2 2025.

출처: CrowdStrike
CrowdStrike Financing
Another issue for CrowdStrike customers, especially smaller companies, is that cybersecurity needs might occur when the company least expects it.
If this coincides with a severe crisis caused by security failure, it can be difficult to mobilize the financial resources to deploy expensive cybersecurity tools, even if they are now understood as direly needed. This is why CrowdStrike has started offering advantageous financing services to its existing and onboarding clients.
For the customer, the benefit is getting access to adequate protection without the constraints of the cash on hand available.
For CrowdStrike, this is the occasion to sign larger, multi-year deals, close the new deals or new module sales quickly, and build a stronger relationship with its users.
This service has only been provided to US customers so far, and so could likely be beneficial when expanded to customers globally. As it converts in generally larger deals, it is mostly cash neutral for the company.
CrowdStrike의 재무 성과
From a financial point of view, CrowdStrike is remarkably profitable. It has registered 81% non-GAAP subscription gross margins, and grew its annual recurring revenues by 32% year-to-year.
Meanwhile, the free cash flow grew 44% year-to-year to reach $272M in Q2 2025.
The deals with large uses of the platform, with 8+ modules, are also becoming very frequent, with a growth of 66% year-to-year of such deals.

출처: CrowdStrike
As the above 95% retention rate persists, this growth in new clients should convert into very stable revenue streams for the years to come.
2024년 CrowdStrike 서비스 중단 분석
Not all has been rosy for CrowdStrike’s uninterrupted growth. Unfortunately, the first time the company name became very well known beyond IT and investing professionals was during a massive IT outage linked to the company.
On July 19th, 2024, a botched software update from CrowdStrike caused around 8.5 million Windows computers to crash with dreaded blue screens, in what has been described as “maybe the largest IT outage in history”.
This affected many infrastructures, including hospitals, emergency services, airports, airlines, retail shops, broadcasting, government agencies, factories, etc.
What happened is that the update in the Falcon platform caused a crash in the software. But as Falcon is integrated pretty deep inside Windows, this caused the rest of the operating system to crash as well.
So this was not a cyber attack, nor a malicious event of any sort. But it was certainly a major blunder. Something the company is today referring to as (somewhat ominously) “the incident”.
Since then, CrowdStrike has changed its content update procedures to prevent similar incidents in the future. New updates will be rolled out slowly and not everywhere at once, and customers can now choose to pick if they are early adopters of these updates, delay, or even opt out entirely.
In addition, 3rd party input, review and validation has now been implemented, in order to avoid this event to ever repeat again.
This nevertheless illustrated the issue of centralized and shared software between so many critical systems, especially one with high-level authorization and deep into the OS, like a cybersecurity concept. This concept is central to CrowdStrike’s business model, as well as to most of its competitors today operating in cloud cybersecurity.
The generation of new leads and clients in the sales pipeline is apparently returning to “pre-incident levels.” Overall, this has not affected the service’s popularity, even if it has certainly made many customers more likely to delay updating their systems.
CrowdStrike의 사이버 보안 미래
The transition to the cloud is still mostly ongoing for many large companies. This creates a large opportunity for a market leader like CrowdStrike to help them transition their cybersecurity strategy to the cloud as well.
The cloud-first approach of CrowdStrike has allowed it to take market share quickly and is now replicated by all the large cybersecurity companies. So, investors will want to pay attention to CrowdStrike’s ability to retain its advantage despite mounting counterattacks by the industry to catch up with the first mover.
The company should also see its international business grow, with still 3/4th of the Global 2000 companies yet to enter the CrowdStrike ecosystem. The arrival of AI as a massive accelerator for cloud adoption, IT migration, as well as a growth in threats should be an extra booster to CrowdStrike growth. And an extra tool to leverage for the company to do its job even better.
The 2024 IT outage illustrates the possibility of such centralization and ultra-fast connectivity to cause trouble as well. It is likely a sign of maturation of the industry that now, such an update will only be rolled back progressively and much more safely, limiting any failure to a much smaller and less publicized scale.
Still, “the event” does not seem to have hurt the company’s momentum, and the stock price has already rebounded almost to its all-time-high levels, demonstrating it. So as long as the world uses computers more and more, and as long as CrowdStrike can stay at the top of innovation in the cybersecurity space, investors will likely do well with the company.
(You can also read more about the cybersecurity sector in our article “Top 10 Cybersecurity Stocks for Digital Protection”.)













