Analysis: CrowdStrike Strikes Back In Platform, SIEM Wars

The cybersecurity giant’s latest quarter shows that CrowdStrike is as formidable as ever in its battle with Palo Alto Networks, Microsoft and Cisco-Splunk.

Like just about every other cybersecurity vendor right now, CrowdStrike has been talking a lot about product consolidation and why the company believes it has the right platform for the job.

But unlike some others whose talking points have been dominated by consolidation lately, the company is producing the growth numbers to support its story.

CrowdStrike Tuesday released the results for the first quarter of its fiscal 2025, ended April 30, which breezed past Wall Street expectations for both revenue and earnings.

Judging by their remarks during the company’s quarterly call Tuesday, equity analysts were pretty impressed, especially given the difficult customer environment. Investors were happy, too; they sent CrowdStrike’s stock price up more than 9 percent in after-hours trading. As of this writing, shares are trading at a more modest increase of 5 percent, to $322 a share, compared with the closing price Tuesday.

The bottom line: CrowdStrike’s latest quarter shows that the cybersecurity giant is as formidable as ever in its battle with rivals including Palo Alto Networks, Microsoft and Cisco-Splunk.

Perhaps unsurprisingly, those three competitors were each referenced, either directly or indirectly, by CrowdStrike co-founder and CEO George Kurtz during the call Tuesday.

In addition to distinguishing CrowdStrike’s platform consolidation strategy from those of rivals such as Palo Alto Networks, the SIEM wars were another focal point of the commentary. Kurtz contended that the shake-up in the SIEM (security information and event management) vendor landscape is helping to direct partners and customers toward CrowdStrike’s offering in the space, its Falcon Next-Gen SIEM.

In May, Palo Alto Networks announced it’s planning to acquire IBM’s QRadar SaaS business for $500 million. The same day, LogRhythm disclosed plans to merge with Exabeam.

Those deals followed Cisco’s closing of its $28 billion acquisition of SIEM stalwart Splunk in March. All in all, “more happened in the SIEM market over the past few months than in decades,” Kurtz said Tuesday.

For CrowdStrike, the market activity is among the factors that “have really contributed to a broad interest and adoption of our technology,” he said.

“Given the movement in the marketplace, we've got many, many customers reaching out, dissatisfied with the current vendors,” Kurtz said.

‘Liberating Customers’

As CrowdStrike Chief Business Officer Daniel Bernard told me this week, the company is finding huge opportunities for working with partners around “liberating customers from legacy products that they’re eager to move away from.”

A key facet of using a SIEM tool is collecting data from all relevant sources, and CrowdStrike has a big advantage in this regard, according to Bernard. As a leading provider of endpoint detection and response (EDR)—and a growing player in areas such as cloud security and identity protection as well—CrowdStrike already possesses many of the key data sources that customers will want analyzed in a SIEM, he noted.

That equates to better security through deeper analytics and improved alerting, as well as to major cost savings, Bernard said. Customers don’t have to pay to export data and “don’t need a pipeline—you don’t need to worry about how to bring the data in,” he noted.

To be sure, Palo Alto Networks, Microsoft and Cisco-Splunk also have their own well-crafted strategies for driving “platformization” and growth in hot areas such as SIEM.

But this much is equally true: They’ll be doing battle more frequently with CrowdStrike, and with each other, given that everyone is simultaneously pursuing more and more of the cybersecurity pie. Stay tuned.