CrowdStrike To Buy Identity Startup Preempt Security For $96M

CrowdStrike has agreed to purchase access control and threat prevention startup Preempt Security to help keep organizations’ users, endpoints and data safe from modern attacks.

The Sunnyvale, Calif.-based endpoint security vendor said its proposed acquisition of San Francisco-based Preempt will help customers protect identity data without compromising productivity or the user experience. This is just the second acquisition in CrowdStrike’s ten-year history, and its first since buying automated malware analysis system Payload Security in November 2017, according to Crunchbase.

“With the addition of Preempt Security’s capabilities, the CrowdStrike Falcon platform will provide enhanced protection against identity-based attacks and insider threats,” CrowdStrike Co-Founder and CEO George Kurtz said in a statement. “Combining Preempt’s technology with the CrowdStrike Falcon platform will help customers achieve end-to-end visibility and enforcement.”

[Related: Zoom Calls On CrowdStrike To Help Beef Up Security Posture]

CrowdStrike said it expects to pay approximately $86 million in cash and $10 million in stock and options to purchase Preempt. The deal is expected to close by Oct. 31, and the company’s stock is down $0.40 (0.29 percent) to $138.20 per share in after-hours trading Wednesday. CrowdStrike executives weren’t immediately available for additional comment.

Preempt was founded in 2014, employs 71 people and has raised $27.5 million in three rounds of outside funding. The company’s technology continuously detects and preempts threats based on identity, behavior and risk, CrowdStrike said, empowering enterprises to optimize identity hygiene and stop attackers and insider threats in real-time before they can impact business.

“Combining Preempt’s identity security expertise with CrowdStrike’s incredible scale and threat telemetry, we will be able to offer customers complete protection for hybrid workloads and remote workforces wherever they are,” Preempt Co-Founder and CEO Ajit Sancheti said in a statement.

The deal will expand CrowdStrike’s total addressable market to include identity security and allow the company to deliver a new module as part of the CrowdStrike Falcon platform once the integration of Preempt is complete, Kurtz wrote in a blog post. Preempt said it works with marquee channel and cybersecurity partners such as WWT, Optiv, Trace3, Fishtech, Critical Start, Myriad360 and IDMWorks.

Preempt’s technology will help clients improve detection and prevention of attacks such as Zerologon or reconnaissance tools such as Bloodhound, which Kurtz said are a critical piece in the lateral movement and privilege escalation phases of most intrusions. The transaction will provide CrowdStrike with further visibility and prevention capabilities to stop sophisticated “living off the land” attacks, Kurtz said.

The company detects identity-based attacks and unauthorized access attempts, allowing customers to block, notify, force re-authentication or challenge the user with multi-factor authentication, Kurtz said. Preempt identifies threats with a high degree of accuracy while ensuring that legitimate activities are not disrupted and an organization’s security staff aren’t faced with unnecessary burdens, Kurtz said.

Preempt’s conditional access is achieved by applying machine learning on data gathered from Active Directory, NTLM logs and cloud single sign-on from partners such as Okta and Ping, according to Kurtz. By combining that with CrowdStrike’s threat telemetry, Kurtz said customers will receive a highly effective solutions to apply advanced access controls and detect anomalous activities in real-time.

“By integrating our technology with best-of-breed solutions, including with CrowdStrike Store partners, combined with our planned acquisition of Preempt, CrowdStrike is leading the charge in delivering an end-to-end Zero Trust solution for customers,” Kurtz wrote in the blog post.