Cybersecurity

CrowdStrike to Buy Israeli Data Defense Vendor Flow Security

Cloud-Native Application Protection Platform (CNAPP) , Data Loss Prevention (DLP) , Endpoint Security

Data Security Posture Management Deal Will Help CrowdStrike Guard Endpoints, Clouds

CrowdStrike to Buy Israeli Data Defense Vendor Flow Security

CrowdStrike plans to purchase a data security posture management startup led by an Israeli Defense Forces team leader to safeguard information across endpoints and clouds.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

The Austin, Texas-based endpoint security behemoth said its proposed acquisition of Tel Aviv, Israel-based Flow Security will give CrowdStrike visibility into cloud data flows and how data interacts with applications along with the ability to detect when sensitive data is at risk or unintentionally leaving an environment. CrowdStrike plans to add Flow’s DSPM capabilities to the company’s Falcon XDR platform.

“With the acquisition of Flow Security, we’re expanding our cloud leadership by protecting data in all states as it flows through the cloud, and are redefining the future of data protection by securing data from code, to application, to device and cloud,” CrowdStrike co-founder and CEO George Kurtz said in a statement.

Terms of the acquisition, which is expected to close by the end of April, weren’t disclosed, though Globes reported in January the firm was expected to fetch between $60 million and $80 million. CrowdStrike’s stock is up $54.62 – or $18.36 per share – to $352.18 per share after the market closed Tuesday. That’s the highest CrowdStrike’s stock has ever traded since the company went public in June 2019 (see: CrowdStrike to Buy AppSec Startup Bionic for Reported $350M).

What Flow Security Brings to the Table

Flow Security was founded in 2020, employs 36 people, and in August 2022 completed a $10 million seed round that included participation from longtime CyberArk CEO Udi Mokady and Descope CEO Slavik Markovich. Flow has been led since its inception by Jonathan Roizin, who spent five years with the IDF and nearly five years spearheading Sygnia’s incident response and compromise assessment unit.

“Flow Security has focused on removing the complexity of securing the massive amounts of critical data businesses manage daily,” he said. “We saw the market lacked a solution that provided comprehensive protection of the flow of data as it traversed SaaS applications, on-prem, cloud infrastructure, third-party APIs, etc., and that this lack of visibility and control presented a critical risk to the enterprise.”

Adding Flow Security to the Falcon XDR platform will allow CrowdStrike to discover, classify and protect data in all states from the risk of exposure regardless of where it moves or resides, according to the firm. Stopping breaches requires a unified security platform that natively protects data at rest and in motion as it flows through the cloud, on-premises and within applications, according to CrowdStrike.

“While competitors focused on posture management, the Flow team was building for the future with runtime-first cloud data security,” CrowdStrike Corporate Development and Falcon Fund Director Tayler Sipperly wrote on LinkedIn. “Their focus on solving the hard problem, addressing both posture and runtime protection, makes them the perfect partner to extend our leadership in cloud security.”

Lucky Acquisition Number 7 for CrowdStrike

CrowdStrike was the fourth-largest cloud workload security vendor in the world in 2022, and its $154.3 million of sales accounted for 5.9% of the $2.6 billion market, according to IDC. The company increased its cloud workload security revenue by 54.3% between 2021 and 2022, which helped CrowdStrike’s share jump from 4.9% to 5.9%. CrowdStrike trails Trend Micro, Palo Alto Networks and Microsoft in the category.

“The Flow team was building for the future with runtime-first cloud data security.”
– Tayler Sipperly, corporate development director, CrowdStrike

CrowdStrike hasn’t been shy about making acquisitions to widen its technology footprint. The Flow Security deal comes six months after the company bought Silicon Valley-based application security startup Bionic for $238.7 million to expand risk visibility and protection across entire cloud computing environments.

Eleven months earlier, CrowdStrike spent $18.9 million to buy San Francisco-based external attack surface management startup Reposify. Nearly a year before that, CrowdStrike bought data protection firm SecureCircle for $60.8 million to fortify its zero trust endpoint security device and identity muscle.

The SecureCircle deal came eight months after CrowdStrike had purchased log management startup Humio for $400 million to strengthen its ability to ingest and correlate data from any log, application or feed. Six months earlier, CrowdStrike bought access control and threat prevention firm Preempt Security for $96 million to help clients defend identity data without sacrificing productivity or user experience.

The first acquisition in CrowdStrike’s 13-year history took place in October 2017, when the company bought automated malware analysis system Payload Security for $8 million.