CrowdStrike $400M buy addresses ‘drastically different attack surface’

George Kurtz, CEO, CrowdStrike, speaking during Web Summit 2018 at the Altice Arena in Lisbon, Portugal. (Photo by Seb Daly/Web Summit via Sportsfile/CC by 2.0)

CrowdStrike, one of the largest and most widely known companies in threat intelligence, announced its intention to acquire log management startup Humio for $400 million.

The acquisition gives CrowdStrike a ready-made, multitenant analytics platform that can ingest and connect log data across different applications and threat feeds to pair with Falcon, its Extended Detection and Response platform. The purchase will officially close sometime in Q1 of this year.

In a corresponding blog post, CrowdStrike Chief Technology Officer Michael Sentonas said the shift to remote work and businesses' increasing reliance on software-as-a-service applications have resulted in a loss of visibility for hardware and network security vendors.

As vendors turned to detection and response platforms, they began to repeat the mistakes of past tools like SIEM, leaving organizations with “large, complex data sets that lack context and hide the important insights security teams require,” and third-party security platforms “that require expert knowledge to configure, to integrate, and to query, to say nothing about the loss of valuable information and context that comes with converting and normalizing data.”

“From a security architecture perspective, all this change has brought a drastically different attack surface with a vast number of event sources, feeds, and telemetry enrichments that defenders need to manage themselves, just to keep even a basic grip on security visibility and response,” wrote Sentonas.

The purchase and integration of Humio is designed to account for the changes that have taken place in IT management over the last decade, particularly the reliance on multiple vendors and cloud services. On its website, Humio touts an ability to integrate with more than 50 third-party systems, platforms, applications, open source products and standards, including dozens of cloud vendors.

As security has become an increasingly complex landscape of third-party tools, platforms and services, more and more companies are seeking to simplify their vendor lists by relying on detection and response platforms that offer a consolidated, one-stop shop for many cybersecurity and threat intelligence needs. Vendors in turn have responded by packing more capabilities into their EDR and XDR platforms.

Allie Mellen, a security and risk analyst at Forrester, told SC Media in an email that endpoint detection and response vendors “have reached a tipping point” where they need to start delivering on their promises regarding XDR, particularly acting as a bridge between data from different sources. This has led some to buy that functionality through acquisitions, while others have opted to build and integrate their own capabilities in-house.

“A critical part of XDR – the X – is about the connection between [extended detection and response] and various security tools in order to detect and alert on complete incidents, add critical context, and empower cross-tool investigation and response capabilities in one place,” said Mellen. “In order to accomplish this, you need some way to take in use case-driven data from these tools.”

This approach can also have downsides, locking companies into a single vendor for many of their security needs and offering a single point of failure for malicious hackers to target. However, Gartner notes that it’s an attractive option for overwhelmed or understaffed IT security teams and that “large XDR vendors likely have enough threat intelligence and a broad enough portfolio of security tools, each of which employs different detection and prevention techniques, that an XDR product can achieve an in-depth defense posture without the complexity of a multivendor strategy.”

Sentonas said Humio’s log management platform will help further CrowdStrike’s philosophy around endpoint detection and response, namely that customers already have more than enough data to sift through. What they’re lacking is the ability to process and contextualize it in real time.

“With the ability to ingest and analyze both first- and third-party data, and to answer complex questions at the speed of the cloud, CrowdStrike will continue to innovate and advance its powerful data platform to solve real-world customer problems,” Sentonas said.

The acquisition marks the second high-profile purchase of a log management company in recent weeks, after SentinelOne paid $155 million last week to add Scalyr’s capabilities to its own automated detection and response platform.

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.
