$SWI dumps $FEYE for $CRWD


Christopher Seifel
Immediately after $SWI realized it had been attacked, it purchased $CRWD

They previously used $FEYE which let the malware remain undetected for 8+ MONTHS

Critically important for zero trust to be part of cybersec posture, as provided by CRWD


Here’s the article Christopher alludes to in his tweet:



It’s very possible this Steifel information might be incorrect. There’s a give and take argument between him and people in his thread.

The only mention I ever saw of $FEYE . . . before Steifel brought it up in his OP. . . was the WSJ article in a long thread I authored with several sourced news sites concerning this hack. I believe someone else here on this board referenced my post about it on METAR.

More specifically, from my thread, the WSJ article, now archived so you can read the whole thing if you’re not a subscriber:


A SolarWinds spokesman said the company is working with FireEye Inc., a major U.S.-based cybersecurity firm, and the intelligence community and law enforcement on an investigation.

The hackers were sophisticated and operated in a slow and deliberate fashion, using their foothold in victims’ networks to poke and prod computer systems and eventually to steal information, investigators say. FireEye, which was one of the victims of the incident, said last week the hackers stole a suite of hacking software that it employed to test the security of its customers.

Thus, when I read Steifel’s OP, I took the WSJ article as confirming that $SWI had indeed been a client of $FEYE. A few people arguing with Steifel, without any documentation, are saying it’s the other way around.

As a big holder of zero cost shares of $CRWD acquired through my trading this year (3 or 4 winning trades on $CRWD where I took the profits in the form of the underlying), I want to know if $SWI is or isn’t switching to $CRWD as Steifel said originally. I want to be factually correct when telling the $CRWD story to others. So, when, or if, I discover more information about this ongoing argument, I’ll pass it on here.

Meanwhile, $CRWD is now my second largest position of zero cost shares. So, you can bet I want to know which story is correct. Either way, cyber-security sounds like a growth trend to me and my growing $CRWD stake. Cyber-security awareness is now front-page news and reminds me of pre-COVID/post-COVID awareness and sped-up WFH adaptations. Whatever the smallest TAM estimate was just a couple of weeks ago for the cyber-security sector had to be raised considerably in analysts’ minds after this fiasco at SolarWinds with their password of “solarwinds123.”


I corrected Steifel’s post earlier today.

FEYE was not protecting SWI. There haven’t been any clues on who or what SolarWinds had for protection during the breach, which first occurred some time Mar to Jun.

FireEye discovered they had been breached themselves, and that led them to determine how… upon which they discovered the SolarWinds breach. FireEye then notified SWI of the breach of their Orion software.

So… FireEye was impacted by this, discovered it and investigated it. But they had damage and boy is it not a great look for a floundering cybersecurity co to get breached themselves.

After all this, SWI bought CrowdStrike Falcon EPP to protect their servers.

CrowdStrike looks like a hero here, but I caution … as Ronronb has been hammering here, there is a LOT we don’t know. Hundreds to thousands of SolarWinds customers may have been impacted.

Was CrowdStrike used at any impacted customers? This breach is known and blocked now but what if CrowdStrike missed the breaches too? We don’t know any of these answers.

We have no idea what the entirety of the damage is yet.

For now, CrowdStrike looks very good in this mess and I hope it stays that way.



Thank you for this clarification, muji.

Like you, I agree, CrowdStrike is looking very good in this mess and I hope it stays that way too.

As I said earlier, I believe this hack will accelerate cyber-security awareness and purchases. And CrowdStrike continues to be mentioned in “hotfixes” on Bloomberg TV. So I like hearing this.

As this story develops, if I find any more important differences in reporting, I’ll make you aware on Twitter, and for Saul’s board, I’ll post the same here.


As I said earlier, I believe this hack will accelerate cyber-security awareness and purchases. And CrowdStrike continues to be mentioned in “hotfixes” on Bloomberg TV. So I like hearing this.

That makes them a prime target to be hacked. Each of these companies will have their “bad day”; it’s only a matter of time.



Peregrine Trader
Suggested 2021 winners in cyber-security by analysts: $CRWD $ZS $PANW $CHKP $SCWX

The direct Barron’s link I was referencing in my retweet:


Wall Street Seeks the Upside in an Historic Hack

Wedbush’s Dan Ives said that the hack is “likely to become the biggest cyber espionage/infiltrations ever seen in the U.S. government and across the enterprise landscape,” and that security software spending will rise 20% in 2021. “We believe there is a $200 billion growth opportunity in cloud security” over five years, he said, hiking price targets on a slew of security stocks, including Check Point Software, Palo Alto Networks, and Zscaler.

To see what other analysts are saying, hit that Barron’s link.


Looks like the Russian hackers did try to hack into CRWD but failed… the article below references a CRWD blog post but it wasn’t clear to me which one they were talking about.

There is also a very nice analysis of CRWD’s opportunity on Seeking Alpha this morning if you haven’t seen it.


Merry Xmas to all that celebrate it!