Cybersecurity is more than just software, says George Kurtz, CEO and cofounder of CrowdStrike.
“What we do at CrowdStrike is as old as time,” he told Fortune. “It’s good versus evil. It’s a human nature story embodied in technology.”
It’s a battle that’s more urgent and complex than ever, as the rise of AI has ballooned the number of cyber threats and cyber criminals. This makes M&A—a longstanding feature of the cybersecurity sector—more high-stakes than ever. To be sure, some of the biggest deals of 2025 have been in cyber, from Palo Alto Networks’ $25 billion acquisition of CyberArk to Google’s proposed $32 billion acquisition of Wiz.
CrowdStrike, which went public in 2019, is also a longtime acquirer, and today announced its acquisition of data observability startup Onum for about $290 million. CrowdStrike today also announced its Q2 2025 earnings, beating expectations but offering a softer-than-expected revenue outlook sending its shares down roughly 4% in after hours trading.
Kurtz exclusively spoke to Fortune about the Onum deal and CrowdStrike’s M&A strategy going forward.
“We like to get things at the right stage,” he said. “When you look at some of these other acquisitions, like CyberArk, you’re talking about a 20-year-old technology company with a lot of integration risk. These are big companies, and I’ve seen the movie before. When I was at McAfee, we acquired 21 companies, and never quite got them integrated… So, when it comes down to it, we’re maniacally focused on the customer experience, on making sure we’re disciplined enough to get this stuff integrated. We have a great track record of doing that.”
Onum marks one of CrowdStrike’s early deals since last year’s much-publicized IT outage, which Kurtz says didn’t derail its M&A efforts, but offered a pause. In the aftermath, CrowdStrike set a high bar and refrained from closing any deals, while continuing to talk to companies, entrepreneurs, and VCs, keeping the M&A pipeline active, said Kurtz. The Onum deal ultimately came together in three months. The Madrid-based startup, which counts Dawn Capital and Insight Partners among its VC backers, was especially compelling to CrowdStrike for its real-time pipeline detection—the ability to analyze and detect threats or anomalies in data as it is being ingested into a company’s systems.
“If you think about the data we have, we started becoming the Reddit of security data for all these AI models,” said Kurtz. “The more data we get in, the larger the moat we actually have, and the greater the opportunity we have to solve bigger and broader problems from an AI perspective. That’s really driving our vision for AI-native SOC [security operations center]. It’s a natural extension.”
