It’s not every day that a company can compel hackers to give up. Yet that’s exactly what CrowdStrike managed to do earlier this year.
CEO and co-founder George Kurtz tells it like this: A besieged customer needed backup. So Kurtz’s team sent in reinforcements, placed its cloud-based software sensors across the breached business’s computing environment, and started gathering intel. Aha! Investigators spotted Hurricane Panda, an old Chinese nemesis that Kurtz’s crew had been battling since 2013. What happened next surprised them: When the attackers scanned an infected machine only to find traces of CrowdStrike, they fled.
CrowdStrike’s reputation precedes it. The company, founded in 2011 and based in Irvine, Calif., has gone toe-to-toe with some of the world’s most sophisticated state-sponsored hacking groups. The firm analyzed the data behind the breaches of millions of sensitive records at the Office of Personnel Management, the federal agency responsible for human resources, in what may have been the biggest act of cyberespionage the U.S. has ever seen. It has published threat reports on many of the more than 50 adversaries it tracks, which include the likes of Ghost Jackal (the Syrian Electronic Army), Viceroy Tiger (an Indian intruder), and Andromeda Spider (a criminal coterie). Between 2013 and 2014 its revenue grew 142% and its customer base more than tripled, two reasons Google Capital (GOOG), the tech giant’s growth equity arm, led a $100 million investment in CrowdStrike in July, its first ever for a computer security company.
Kurtz used to travel hundreds of thousands of miles a year as CTO of McAfee, now called Intel Security (INTC), to meet with beleaguered customers. It struck him that they did not need more anti-malware and antivirus products, the traditional realm of information security, so much as software oriented toward tradecraft and technique, the domain of cyberspies. Co-founder and CTO Dmitri Alperovitch, then McAfee’s head of threat intelligence, agreed.
The cloud model is essential to CrowdStrike’s success. As its customers send data about their network activity into the cloud, CrowdStrike uses it to learn what different attacks look like and how to adapt to them. (It calls the approach “community immunity.”) The cloud also allows for rapid deployment. Kurtz’s team managed to get one financial services firm with 77,000 devices on its network up and running in two hours flat, faster than the hardware-based approach of some of its rivals.
The transition to the cloud originally gave hackers an advantage in the cat-and-mouse game that is cybersecurity. “These fraudsters used to work a street corner—they had a geographic area of stealing and limited scalability,” Kurtz says. “Now, because of the cloud, they can scale exponentially—no longer a street corner but the entire globe.”
[fortune-brightcove videoid=4360507662001]
Which is why Kurtz and company are set on fighting fire with fire in a sort of dogfight in the cloud. “We need to work at the same speed they’re working,” he says, “and keep up with them.”
A version of this article appears in the August 1, 2015 issue of Fortune magazine with the headline “Standing up at the gates of hell.”
