2025 is proving to be a defining year for cybersecurity, with the rise of artificial intelligence that can both defend and attack computer networks. A surge in ransomware attacks and data breaches disrupting businesses worldwide has investors looking for cyber companies – such as portfolio names Palo Alto Networks and CrowdStrike – that can turn their security capabilities into consistent revenue growth and profitability — and, higher and higher stock prices. The biggest hacks this year impacted companies such as Yahoo, Alibaba , Microsoft ‘s LinkedIn, Meta Platforms ‘ Facebook, and Marriott — just to name a handful. The rise of AI cuts both ways – making it easier for bad actors to launch more frequent and sophisticated attacks, while at the same time boosting the tools companies use to counter them. That dynamic puts CrowdStrike and Palo Alto Networks in an enviable position of selling solutions that every business can’t live without. It’s a formula that’s paying off. CrowdStrike has been one of our best stocks in 2025, up more than 55% year-to-date. Palo Alto has gained about 12% this year. The opportunity is only expanding as enterprises move more workloads to the cloud and deploy AI tools, raising the bar for security standards in increasingly complex digital environments. Both companies are leading the industry’s platformization shift, offering one-stop shop security platforms that simplify and unify how businesses protect their data. That helps explain why cybersecurity spending remains one of the few areas of IT budgets that continues to rise, even as enterprises cut costs elsewhere. To help investors better navigate this fast-moving industry and stay on top of the trends, we spoke with Jerry Perullo, professor in the school of cybersecurity and privacy at Georgia Tech. He is also the founder of Adversarial Risk Management, which provides advisory services to the industry. Perullo helps us unpack the 10 common cybersecurity terms and explain what they reveal about where the industry — and its leaders, like Palo Alto and CrowdStrike — are headed next. 1. Vendor In cybersecurity, a vendor is a company that sells hardware and/or software tools designed to protect data and networks, often through recurring subscription models rather than a one-time purchase. Companies like Palo Alto and CrowdStrike fit this model. “In cybersecurity, almost everything is subscription-based these days,” Perullo said. “People are not buying software that belongs to them forever but are subscribing to it.” This model gives vendors predictable recurring revenue — the kind of high-margin consistency that Wall Street loves. 2. Annual Recurring Revenue Since Palo Alto and CrowdStrike are subscription-based, their businesses are valued on annual recurring revenue . Investors focus on whether a company can expand ARR by adding new customers or raising prices. “Investors want to know what the average subscription fee companies are charging and can they increase that – either by adding more customers or charging existing ones more,” Perullo said. “Those are the two items that go into ARR.” Rising ARR signals strong customer retention and pricing power. 3. Attack surface area An organization’s attack surface area refers to every possible entry point a hacker could exploit. Whether it be from devices and cloud servers to employee logins. “It’s how many points you have where someone can interface with your system and potentially abuse it,” Perullo said. “Each one is another opportunity for a vulnerability to be found. That surface has expanded dramatically with the rise of AI agents, automated bots and interconnected software systems. Perullo explained how these tools can now initiate actions and make decisions on behalf of users. While that increases efficiency across a business, it simultaneously multiplies the number of digital identities and endpoints that need protection. Palo Alto and CrowdStrike specialize in identifying and defending these entry points. 4. Cloud security Cloud security protects data and software that live on cloud platforms such as Amazon Web Services (AWS) or Microsoft’s Azure. Before the cloud, “traditionally, the attack surface was at data centers that companies owned,” Perullo said. “But with the advent of cloud beginning around 2007, the idea was to replace those internally managed data centers with the top three cloud players,” he added. Google Cloud is No. 3. The professor called this a “paradigm shift,” because as companies migrate workloads to the cloud, cybersecurity leaders offering cloud-native tools are positioned to capture growing enterprise demand. “That’s why it’s become a popular area of investment and why CrowdStrike and Palo Alto are offering more tools in that space,” he added. 5. Firewall A firewall acts as a gatekeeper between networks, filtering traffic and blocking malicious activity. “The term came from the idea of separating fire from coming through a wall,” Perullo explained. “It evolved into a network device that arbitrates what can pass between two networks.” While traditional firewalls are less critical in a cloud-first world, many legacy systems still depend on them. “You might say a firewall is dead because of cloud security,” Perullo posited. “But there’s still a lot of legacy infrastructure out there. That’s why those markets aren’t falling off a cliff overnight.” In fact, Palo Alto built its business on next-generation firewalls. But its evolution into cloud and platform-based security helped it stay relevant as enterprises modernize their defenses. 6. Non-human Identity A non-human identity refers to a digital entity like an AI agent or bot that interacts with systems without human input. “Since the inception of data center computing, some processes have always needed to run without human interaction,” Perullo said. “The key is recognizing what the non-human identity is and whether it’s the right one for the task.” As AI continues to proliferate, companies must secure both people and machines. He explained that vendors that can manage these complex digital identities – like CrowdStrike’s identity threat protection – stand to benefit from this new security layer. Palo Alto’s pending $25 billion acquisition of CyberArk is about adding an identity specialist to its platformization strategy, aiming to be a one-stop shop for all cybersecurity needs. 7. Endpoint security Endpoint detection and response (EDR) software protects devices such as laptops, smartphones, and tablets, which are all “endpoints” employees use daily. “It’s CrowdStrike’s bread and butter,” Perullo said. “The company really won the EDR market. That’s where they’re leading.” These platforms continuously monitor device activity using AI to spot suspicious behavior. Perullo explained that with the hybrid work dynamic today, the number of endpoints has multiplied and therefore demand for CrowdStrike’s Falcon and Palo Alto’s Cortex XDR continues to grow as companies strengthen their front-line defenses. 8. Secure Access Service Edge Secure Access Service Edge (SASE) is a cloud-based framework that protects employees and data no matter where they work – whether in the office, at home, or on the road. It combines internet connection management with built-in security tools that safely connect users to company systems. “It used to be that everyone was in the office, protected by the same firewall,” Perullo said. “With people working from home, that model broke down.” Palo Alto’s Prisma Access — along with offerings from Zscaler and Cloudflare — helps businesses securely connect their distributed workforces, according to Perullo. That’s an “enduring growth driver” in the hybrid work era. 9. Security Information and Event Management Security Information and Event Management (SIEM) tools collect and analyze data from across a company’s systems, such as login attempts, firewall alerts, and application logs. They also detect threats in real time. “It’s a specialized database for security information,” Perullo said. “Every failed login or password attempt generates an event, and SIEM pulls them all together so a system can assess the pattern.” Perullo said that with the volume of security data growing exponentially, cybersecurity uses AI to enhance SIEM functions to help companies reduce alert fatigue and improve detection accuracy. 10. Security Operations Center Security Operations Centers (SOCs) are the heart of cybersecurity companies. These teams monitor, investigate, and respond to alerts around the clock. “It used to be a physical location,” Perullo said. “Now, with distributed workforces, it’s more about the team performing that function wherever they are.” As cyberattacks grow more frequent, Perullo said companies increasingly outsource or automate SOC functions, creating new opportunities for cybersecurity providers offering AI-assisted monitoring and incident response tools. Bottom line As digital threats grow more sophisticated and enterprises expand further into the cloud, the demand for more unified, AI-driven cybersecurity is accelerating. CrowdStrike and Palo Alto stand at the forefront of this shift – using automation, vast data intelligence, and integrated platforms to protect an ever-widening attack surface. Their ability to scale annual recurring revenue, while branching into areas like identity protection and cloud security, positions them for durable long-term growth. We hope Club members are now better equipped to understand the language and the investment opportunities behind the companies leading the future of cybersecurity. We have our buy-equivalent 1 rating on CrowdStrike and a price target of $520. We also have a 1 rating on Palo Alto, with a $225 price target. (See here for a full list of the stocks.) As a subscriber to the CNBC Investing Club with Jim Cramer, you will receive a trade alert before Jim makes a trade. Jim waits 45 minutes after sending a trade alert before buying or selling a stock in his charitable trust’s portfolio. If Jim has talked about a stock on CNBC TV, he waits 72 hours after issuing the trade alert before executing the trade. THE ABOVE INVESTING CLUB INFORMATION IS SUBJECT TO OUR TERMS AND CONDITIONS AND PRIVACY POLICY , TOGETHER WITH OUR DISCLAIMER . NO FIDUCIARY OBLIGATION OR DUTY EXISTS, OR IS CREATED, BY VIRTUE OF YOUR RECEIPT OF ANY INFORMATION PROVIDED IN CONNECTION WITH THE INVESTING CLUB. NO SPECIFIC OUTCOME OR PROFIT IS GUARANTEED.
https://www.cnbc.com/2025/11/17/10-cybersecurity-terms-investors-should-know-and-2-industry-leading-stocks-to-buy.html
