CrowdStrike has agreed to purchase SecureCircle to extend the company’s zero trust endpoint security device and identity capabilities to include data.
The endpoint security vendor said its proposed acquisition of SecureCircle will make it possible for customers to enforce zero trust at the device level, the identity level, and at the data level. SecureCircle’s offering allows CrowdStrike to enforce encryption on data in transit, at rest and in use, thereby ensuring that data is protected on, from and to the endpoint.
“The endpoint has become the focal point for how data is accessed, used, shared and stored,” CrowdStrike co-founder and CEO George Kurtz said in a statement. “CrowdStrike will be setting a new standard for endpoint-based data protection by connecting zero trust enforcement to the device, the user identity and, with this acquisition, the data users are accessing and using.”
CrowdStrike’s stock is down US$0.51 (0.19 percent) to US$268.66 per share in after-hours trading Monday. Terms of the deal weren’t disclosed, and the acquisition is expected to close during CrowdStrike’s fiscal quarter ending 31 January 2022.
SecureCircle was founded in 2016, employs 31 people, and has raised US$7 million through four rounds of seed funding, according to LinkedIn and Crunchbase. The company was co-founded by Netgear chief technology officer Jeff Capone and Netgear principal software engineer Artem Tsai, who have served as CEO and CTO of SecureCircle, respectively.
“We are excited to join the CrowdStrike family,” Capone said in a statement. “The endpoint in today’s enterprise is everything and coupling our cloud-native approach to protecting sensitive data with CrowdStrike’s industry leading zero trust endpoint security will enable customers to enforce zero trust on the endpoint across all levels.”
Security and risk teams today struggle with inadvertent and malicious insider threats, resource-intensive policy and control management, and a lagging workforce experience hampered by burdensome and opaque rule sets, CrowdStrike CTO Michael Sentonas wrote on a blog. And the pandemic forced clients to adapt to remote working, amplifying the shortcomings of traditional data loss prevention (DLP) tools.
Existing DLP offerings come up short because they only block or encrypt data when it’s leaving the endpoint and only when triggered by a complex set of pre-configured rules and behavioural parameters, according to Sentonas. Adversaries are well aware of DLP weaknesses and continually refine their tradecraft to build specific malware and ransomware to take advantage of them, Sentonas said.
“DLP is clearly broken,” Sentonas wrote in the blog post. “We need a new model for comprehensive, frictionless data protection that secures data as soon as it lands on the endpoint.”
Combining CrowdStrike and SecureCircle will give customers visibility and control over how data is downloaded, used and shared across their organization, Sentonas said. The joint offering will provide customers with flexible, user-based data access management and policy enforcement, ensuring clients can detect and respond to threats whether they manifest at the device, identity or data layer, he said.
“With SecureCircle, we saw an aligned vision for how data security should be delivered similar to everything we bring to market: security solutions that are easy to deploy, easy to manage and highly effective without interference on good user behavior,” Sentonas wrote in the blog post.
The SecureCircle deal comes eight months after CrowdStrike purchased log management startup Humio for US$400m to strengthen its ability to ingest and correlate data from any log, application or feed. Six months earlier, CrowdStrike acquired access control and threat prevention startup Preempt Security for $96 million to help firms protect identity data without compromising productivity or user experience.
And the first acquisition in CrowdStrike’s 11-year history took place in 2017, when the company bought automated malware analysis system Payload Security.