2025 is shaping up to be a pivotal year for cybersecurity, marked by the ascent of artificial intelligence as both a powerful weapon and shield in the ongoing battle for network security. Amidst a surge in ransomware attacks and increasingly sophisticated data breaches impacting businesses globally, investors are keenly focused on cybersecurity firms that can translate their defensive capabilities into demonstrable, sustainable revenue growth and profitability – factors that ultimately drive stock performance. High-profile breaches this year have already impacted major players across diverse sectors, underscoring the ubiquitous nature of the threat.
The rise of AI presents a double-edged sword. While it empowers malicious actors to launch faster, more targeted, and evasive attacks, it also fuels the development of advanced security tools. This dynamic places companies like CrowdStrike and Palo Alto Networks in a uniquely advantageous position: offering solutions that businesses increasingly deem indispensable. This translates to significant market opportunity and, for those who execute well, substantial returns. CrowdStrike, in particular, has delivered strong performance in 2025, exceeding a 55% year-to-date gain. Palo Alto Networks has also shown positive momentum, with gains of approximately 12% this year.
This opportunity is only expanding as enterprises accelerate their cloud adoption and integrate AI tools into their operations. This creates increasingly complex hybrid environments, raising the stakes for robust and adaptable security standards. Both CrowdStrike and Palo Alto Networks are at the forefront of the industry’s platformization trend, offering comprehensive, integrated security platforms designed to streamline and unify data protection strategies. This holistic approach is resonating with businesses seeking simpler, more effective security solutions in a fragmented landscape.
The result? Cybersecurity spending remains a priority within IT budgets, even as companies tighten their belts elsewhere. The criticality of protecting digital assets and maintaining business continuity, coupled with the escalating threat landscape, makes cybersecurity a non-discretionary expense for most organizations.
To provide investors with a deeper understanding of this dynamic industry, we spoke with Jerry Perullo, professor in the school of cybersecurity and privacy at Georgia Tech and founder of Adversarial Risk Management. Perullo’s insights help demystify key cybersecurity concepts and shed light on the future direction of the industry, including the roles of leading players like Palo Alto Networks and CrowdStrike.
1. Vendor
In cybersecurity, a vendor is a company that provides hardware and/or software solutions designed to safeguard data and networks. The dominant business model has shifted towards recurring subscription-based services rather than one-time perpetual licenses. Companies like Palo Alto Networks and CrowdStrike exemplify this model.
“In cybersecurity, almost everything is subscription-based these days,” Perullo explains. “Organizations are not buying software that belongs to them forever but are subscribing to it.” This subscription model delivers predictable recurring revenue streams, a characteristic highly valued by Wall Street. This predictability allows for more accurate forecasting and more stable financial performance.
2. Annual Recurring Revenue (ARR)
Given their subscription-based models, Palo Alto Networks and CrowdStrike are valued based on their Annual Recurring Revenue (ARR). Investors closely monitor ARR growth, assessing a company’s ability to acquire new customers and increase subscription prices.
“Investors want to know the average subscription fee companies are charging and whether they can increase that – either by adding more customers or charging existing ones more,” Perullo states. “Those are the two key drivers of ARR.” Strong ARR growth signifies effective customer acquisition, retention, and pricing power – key indicators of a healthy and sustainable business.
3. Attack Surface Area
An organization’s attack surface area encompasses all potential entry points that a hacker could exploit, ranging from devices and cloud servers to employee logins and API vulnerabilities.
“It’s the total number of points where someone can interface with your system and potentially abuse it,” Perullo notes. “Each entry point represents another opportunity for a vulnerability to be found.” The attack surface has expanded dramatically with the rise of AI agents, automated bots, and increasingly interconnected software systems. These tools can initiate actions and make decisions on behalf of users, increasing efficiency but also multiplying the number of digital identities and endpoints that need protection. Palo Alto Networks and CrowdStrike specialize in identifying, monitoring, and defending these broadening attack surfaces.
4. Cloud Security
Cloud security protects data, applications, and infrastructure hosted on cloud platforms such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Before the cloud, “traditionally, the attack surface was largely confined to data centers that companies owned and operated,” Perullo explains. “But with the advent of cloud computing around 2007, the paradigm shifted to replacing those internally managed data centers with top-tier cloud providers.”
This paradigm shift necessitates cloud-native security tools designed to protect workloads in dynamic, distributed cloud environments. Cybersecurity leaders offering these cloud-native solutions are well-positioned to capitalize on the growing enterprise demand for cloud security. “That’s why cloud security has become a popular area of investment and why CrowdStrike and Palo Alto are offering increasingly sophisticated cloud-native tools,” Perullo adds.
5. Firewall
A firewall acts as a gatekeeper between networks, filtering traffic and blocking malicious activity based on predefined rules.
“The term ‘firewall’ originated from the concept of preventing a fire from spreading through a wall,” Perullo explains. “It evolved into a network device that arbitrates what can pass between two networks.”
While traditional firewalls are becoming less critical in a cloud-first world, many legacy systems still rely on them. “One might argue that the traditional firewall is dead because of cloud security,” Perullo suggests. “But substantial legacy infrastructure remains, preventing that market from collapsing overnight.” Palo Alto Networks, in fact, built its business on next-generation firewalls. However, its successful evolution into cloud and platform-based security has enabled it to maintain relevance as enterprises modernize their defenses.
6. Non-Human Identity
A non-human identity refers to a digital entity, such as an AI-powered agent or a bot, that interacts with systems without human intervention.
“Since the beginning of data center computing, certain processes have always needed to run without human interaction,” Perullo explains. “The key now is accurately identifying the non-human identity and verifying its authorization for the assigned task.”
As AI continues its rapid proliferation, companies must secure both human and machine identities. Vendors that can effectively manage these complex digital identities – such as CrowdStrike with its identity threat protection – are poised to benefit from this emerging security layer. Palo Alto Networks’ pending $25 billion acquisition of CyberArk, a specialist in identity security, underscores the strategic importance of identity management within its broader platformization strategy.
7. Endpoint Security
Endpoint detection and response (EDR) software protects devices such as laptops, smartphones, and tablets—the “endpoints” that employees use daily.
“This is CrowdStrike’s bread and butter,” Perullo remarks. “The company truly dominated the EDR market and remains a leader in that space.” EDR platforms continuously monitor device activity, using AI to detect and respond to suspicious behavior. Perullo notes that the rise of hybrid work has led to a proliferation of endpoints, driving demand for CrowdStrike’s Falcon and Palo Alto’s Cortex XDR as companies fortify their frontline defenses.
8. Secure Access Service Edge (SASE)
Secure Access Service Edge (SASE) is a cloud-based framework that protects employees and data regardless of their location – whether in the office, at home, or on the road. SASE combines internet connection management with integrated security tools that securely connect users to company systems.
“Previously, most employees worked in the office, all protected by the same firewall,” Perullo explains. “With the shift to remote work, that traditional model broke down.” Palo Alto’s Prisma Access—along with offerings from Zscaler and Cloudflare—enables businesses to securely connect their increasingly distributed workforces, making SASE “an enduring growth driver” in the hybrid work era, according to Perullo.
9. Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) tools aggregate and analyze data from across a company’s systems, including login attempts, firewall alerts, and application logs. They also detect threats in real time.
“SIEM is essentially a specialized database for security information,” Perullo states. “Every failed login or password attempt generates an event, and SIEM pulls all of these events together, enabling the system to assess overall threat patterns.”
With the volume of security data growing exponentially, cybersecurity providers are leveraging AI to enhance SIEM functionality, helping companies reduce alert fatigue and improve detection accuracy.
10. Security Operations Center (SOC)
Security Operations Centers (SOCs) are the central hubs for cybersecurity operations within organizations. These teams monitor, investigate, and respond to security alerts around the clock.
“Historically, SOCs were physical locations,” Perullo notes. “Now, with distributed workforces, the focus is on the team performing that function regardless of their physical location.” As cyberattacks become more frequent and sophisticated, companies are increasingly outsourcing or automating SOC functions, creating new opportunities for cybersecurity providers that offer AI-assisted monitoring and incident response tools.
The Bottom Line
As digital threats become more sophisticated and enterprises expand further into the cloud, the demand for unified, AI-driven cybersecurity solutions is accelerating. CrowdStrike and Palo Alto Networks are at the forefront of this evolution, employing automation, data intelligence, and integrated platforms to protect an ever-expanding attack surface. Their ability to scale annual recurring revenue while expanding into key areas like identity protection and cloud security positions them for sustained long-term growth. Their platform approach, offering comprehensive protection across multiple layers, is proving to be a key differentiator in a crowded market.
We believe investors are now better equipped to understand the language and the investment opportunities within cybersecurity. We reiterate our buy-equivalent rating on CrowdStrike with a price target of $520 and our buy-equivalent rating on Palo Alto Networks with a price target of $225.
Original article, Author: Tobias. If you wish to reprint this article, please indicate the source: https://aicnbc.com/13016.html