2025 is proving to be a defining year for cybersecurity due to the rise of artificial intelligence, which can both defend and attack computer networks. As ransomware attacks and data breaches proliferate around the world, disrupting businesses, investors are looking for cyber companies (like portfolio names Palo Alto Networks and CrowdStrike) that can translate security capabilities into steady revenue growth and profitability, leading to higher stock prices. The biggest hacks of the year affected companies like Yahoo, Alibaba, Microsoft’s LinkedIn, Meta Platforms’ Facebook, and Marriott, just to name a few. The rise of AI will have a two-way effect, making it easier for attackers to launch more frequent and sophisticated attacks while also enhancing the tools that businesses use to counter them. This dynamic puts CrowdStrike and Palo Alto Networks in the enviable position of selling a solution that every company can’t live without. It’s a formula for success. CrowdStrike is up over 55% since the beginning of the year, making it one of our best stocks for 2025. Palo Alto is up about 12% this year. The opportunities will only grow as enterprises move more workloads to the cloud and deploy AI tools, raising the bar for security standards in an increasingly complex digital environment. Both companies are leading the industry’s platform shift, offering one-stop-shop security platforms that simplify and unify the way businesses protect their data. This helps explain why cybersecurity spending remains one of the few areas of IT budgets that continues to grow, even as companies cut costs in other areas. To help investors navigate this rapidly changing industry and stay on top of trends, we spoke with Jerry Perlo, a professor in Georgia Tech’s School of Cybersecurity and Privacy. He is also the founder of Adversarial Risk Management, which provides advisory services to the industry. Perlo unpacks 10 common cybersecurity terms and helps explain what they reveal about where the industry and its leaders like Palo Alto and CrowdStrike are headed next. 1. Vendors In cybersecurity, vendors are companies that sell hardware and software tools designed to protect data and networks, often through a recurring subscription model rather than a one-time purchase. Companies like Palo Alto and CrowdStrike fit this model. “In cybersecurity, almost everything these days is subscription-based,” Perlo said. “Rather than buying software that’s going to be yours forever, people are subscribing.” This model allows vendors to earn predictable recurring revenue, a high-margin consistency that Wall Street loves. 2. Annual Recurring Revenue Palo Alto and CrowdStrike are subscription-based, so their businesses are measured in terms of annual recurring revenue. Investors will be watching to see if companies can expand ARR by adding new customers or raising prices. “Investors want to know how much a company is charging for an average subscription and whether it can increase that by adding more customers or charging existing customers more,” Perlo said. “These two items are included in ARR.” An increase in ARR indicates strong customer retention and pricing power. 3. Attack Surface An organization’s attack surface refers to all the points of entry that a hacker could exploit. From devices and cloud servers to employee logins. “It’s about how many points someone has to access your system and potentially exploit it,” Perullo says. “Each is a new opportunity to discover vulnerabilities. With the rise of AI agents, automated bots, and interconnected software systems, that surface has expanded dramatically. Perlo explained how these tools can now initiate actions and make decisions on behalf of users. This increases efficiency across businesses, while simultaneously increasing the number of digital identities and endpoints that need to be protected. Palo Alto and CrowdStrike 4. Cloud Security Cloud security protects your data. Before the advent of the cloud, Perlo said, “traditionally, enterprise-owned data centers were the target of attacks,” adding, “But with the advent of the cloud starting around 2007, the idea was to replace these internally managed data centers with the top three cloud players.” He added that this is a “paradigm shift” as companies move workloads to cloud platforms. 5. Firewalls Firewalls act as gatekeepers between networks, filtering traffic and blocking malicious activity. “The term comes from the idea of isolating fires that pass through walls,” Perlo explained. Although traditional firewalls are less important in a cloud-first world, many legacy systems still rely on them. “People might say firewalls are dead because of cloud security, but there’s still a lot of legacy infrastructure out there,” Perlo said. In fact, Palo Alto built its business on next-generation firewalls. However, the evolution to cloud and platform-based security has allowed firewalls to remain relevant as enterprises modernize their defenses. 6. Non-Human Identities Non-human identities refer to digital entities such as AI agents or bots that interact with systems without human input. “Since the beginning of data center computing, some processes have always needed to run without human intervention,” Perullo said. “The key is to recognize what non-human identities are and whether they are appropriate for the task,” he said, explaining that businesses can benefit from vendors that can manage these complex digital identities, such as CrowdStrike’s Identity Threat Protection, by adding identity specialists to their platformization strategy. 7. Endpoint Security Endpoint Detection and Response (EDR) software protects all the “endpoint” devices your employees use every day. These platforms use AI to continuously monitor device activity and identify suspicious behavior. Perullo explained that with today’s hybrid work practices doubling the number of endpoints, demand for CrowdStrike’s Falcon and Palo Alto’s Cortex XDR continues to grow as enterprises strengthen their first line of defense. 8. Secure Access Service Edge Secure Access Service Edge (SASE) is a cloud-based framework that protects your employees and their data, no matter where they work. It combines Internet connection management with built-in security tools to securely connect users to a company’s systems. “It used to be that everyone was in the office and protected by the same firewall, but with Zscaler and Cloudflare’s products, that model has broken down,” Perullo said. 9. Security Information and Event Management Security information and event management (SIEM) tools collect and analyze data such as login attempts, firewall alerts, and application logs from across an enterprise’s systems to detect threats in real time. 10. Security Operations Center A security operations center (SOC) is the core of a cybersecurity company, and “it used to be a physical location, but now cyberattacks are happening more frequently,” Perlo said. Increasing outsourcing and automation of SOC functions is creating new opportunities for cybersecurity providers offering AI-assisted monitoring and incident response tools. Bottom Line As digital threats become more sophisticated and enterprises expand further into the cloud, CrowdStrike and Palo Alto are at the forefront of this change with the ability to use automation, vast data intelligence, and integrated platforms to protect an ever-expanding attack surface. We hope club members will be able to better understand the language and investment opportunities of the companies leading the future of cybersecurity. Palo Alto also has a rating of 1 and a price target of $225 (see the complete list of stocks here). Mr. Kramer, Jim waits 45 minutes after sending a trade alert before buying or selling stocks in a charitable trust’s portfolio. If Jim talks about stocks on CNBC TV, wait 72 hours after issuing a trade alert before executing a trade. In conjunction with our disclaimer, your receipt of information provided in connection with investment clubs does not create any fiduciary duty or obligation and does not guarantee any particular outcome or benefit.
