CrowdStrike Finding Huge Demand For ‘Replacing Legacy SIEM’: CEO George Kurtz

The cybersecurity vendor has now surpassed $100 million in ARR for its LogScale ’next-gen’ SIEM offering — though ‘it is the future of this business that really excites us,’ Kurtz said Tuesday.


CrowdStrike is finding that the number of customers looking to switch from existing SIEM tools is surging, as organizations increasingly favor more modern security operations technologies that are native to cloud, co-founder and CEO George Kurtz said Tuesday.

Kurtz made the comments during the company’s quarterly call with analysts, as CrowdStrike reported results for the third quarter of its fiscal 2024, ended Oct. 31. The quarter saw the cybersecurity vendor’s LogScale “next-gen” SIEM (security information and event management) offering surpass $100 million in annual recurring revenue, CrowdStrike disclosed.

[Related: CrowdStrike CEO George Kurtz: Microsoft’s ‘Failures’ Put Everyone At Risk]

“However, it is the future of this business that really excites us,” Kurtz said during the call.

The CrowdStrike CEO later agreed with an analyst who suggested the current market climate for SIEM is comparable to the environment CrowdStrike found when it started out offering endpoint detection and response (EDR) in place of traditional antivirus (AV).

“When I look at the market today, and I compare that to when I started CrowdStrike in 2011, and really talking to customers in 2012 and 2013 about replacing their their legacy AV — it feels like it’s the same conversation, just with a different context of replacing their legacy SIEM,” he said.

SIEM tools are indispensable to most Security Operations Center teams, which use the technology to provide the logging, analytics and search capabilities they need to effectively respond to cyberthreats.

CrowdStrike has positioned LogScale as a cloud-native alternative to existing SIEM platforms that aims to offer a dramatically improved way of searching and analyzing log data.

The M&A Factor

Multiple times during the call Tuesday, Kurtz suggested that recent M&A activity in the SIEM space, which he didn’t identify by name, is also helping CrowdStrike’s prospects. Most prominently, in September, Cisco announced an agreement to acquire SIEM stalwart Splunk for $28 billion.

CrowdStrike’s next-gen SIEM opportunity is “supercharged by pervasive discontent with legacy SIEM,” as well as “recent M&A activity” and the company’s position as a tool consolidator with its broad security platform, Kurtz said.

“Now is the right time for us, given the level of dissatisfaction, M&A in the environment and the customers’ willingness to look for a much better solution,” he said.

Additionally, partners such as Ernst & Young are embracing CrowdStrike’s next-gen SIEM approach, according to Kurtz. The firm has built a 150-person next-gen SIEM practice based around LogScale, he said.

All in all, SIEM displacement is proving to be a “massive opportunity for CrowdStrike,” Kurtz said.

ARR Growth

Meanwhile, CrowdStrike disclosed Tuesday that its ARR surpassed $3 billion as of the end of its fiscal Q3. The company is “the fastest and only pure-play cybersecurity software vendor in history to achieve this milestone,” Kurtz said.

Total ARR for CrowdStrike reached $3.15 billion at the end of October, up 35 percent from a year earlier, the vendor said.

For the recent quarter itself, CrowdStrike’s revenue also climbed 35 percent year-over-year, to $786 million, the company reported. That surpassed the analyst consensus estimate for the quarter of $777.1 million.

On earnings, the company reported non-GAAP net income of 82 cents per diluted share for its fiscal Q3, above the 74 cents per diluted share that had been expected by analysts.

CrowdStrike’s stock price fell 1 percent in after-hours trading Tuesday to $210.18 a share.