The CrowdStrike-Humio Deal: George Kurtz’s 10 Boldest Remarks

From CrowdStrike’s push beyond security to its strategy around acquisitions to why it expects to beat archrival SentinelOne in the emerging XDR market, here are CEO George Kurtz’s 10 boldest remarks on the Humio deal.

Upping The Ante

CrowdStrike made its second acquisition in five months Thursday, agreeing to scoop up log management startup Humio for $400 million in an effort to become the market leader in Extended Detection and Response (XDR). The deal will make it easier for CrowdStrike to ingest other third-party data through index-free logging and get actionable insight at scale rather than another needle in a needle stack.

Co-Founder and CEO George Kurtz spoke to CRN about why CrowdStrike is well-positioned to compete and win in the XDR space against archrival SentinelOne, which just announced the $155 million purchase of Scalyr last week.

Kurtz said SentinelOne would have loved to have Humio and ended up with something in Scalyr that doesn’t have the same scale and technology. SentinelOne CEO Tomer Weingarten fired back, telling CRN that SentinelOne actually passed on Humio since Scalyr offered superior technology and a better cultural fit.

Kurtz also dished on CrowdStrike’s strategy around acquisitions, the company’s push beyond security into other areas of IT, and what stood out to him most about Humio’s team. From CrowdStrike’s integration and channel strategy with Humio to what made Humio stand out from its competitors, here are Kurtz’s 10 boldest remarks on the CrowdStrike-Humio deal.

10. What’s the timeline and framework for integrating Humio?

Like our other acquisitions, it’s about being able to add their capabilities into our Falcon platform to make it available and seamlessly integrate it into our UI. And make it available to our customers as well as use it for things like the store. We’ve got the CrowdStrike Store, and that will really help with third-party ingest of our partners.

So we’ve got to go through all the roadmaps and plans and what that looks like - and you really can’t do that until you get the deal closed - but those are the general thoughts. Like everything else we do, we’ll acquire it, we’ll basically create a plan to integrate it within our Falcon platform, and make it available to all of our customers.

9. How will channel partners be impacted by the Humio deal?

Like everything else in the Falcon platform, channel partners are going to have the ability to sell Humio. So no change in our strategy, and it fits right into another capability that we provide, which is in high demand. So I think they should be excited about that.

Humio is obviously a smaller company, but their channel partners will obviously have access to be able to sell this and continue to service customers that go beyond just security. A lot of the customers are not just security customers, right? They’re looking to log everything and create an architecture for observability. And they’ll still be able to do that …

As a channel-first company, we’re excited to get the deal closed, get our channel partners enabled, and to go out and win business and solve some really big problems for customers.

8. Will Humio be rolled out as another module within CrowdStrike?

It [Humio] certainly could be another module. It’s a pretty big platform piece, so we’ve got to see how it’s all going to shake out, but I would anticipate that it will be another module. In some cases, another module. In other cases, it may have some integrations just natively. There’s a lot of use cases for it so I think it’s going to be probably a little bit of both …

What’s important to realize is that people want less agents and they want less complexity and they want less cost. So we can come in with a single agent that collects data one time. We collect it one time, and now it’s available to any of the modules and as we create workflows around these. A core one is threat protection, everybody gets that.

But as an offshoot, there’s vulnerability management. We were already collecting all the data of what’s running on the system. And then on the back end, we map it to what’s vulnerable. That’s a huge win for customers because now they don’t need a vulnerability management agent on their endpoint.

We’ve already collected the data, so as we add new capabilities, they don’t have to add an agent. In fact, they can get rid of a lot of the agents they have, which saves them time and money. And we really become the platform of record, like a Salesforce of security.

7. Why does it matter that CrowdStrike is able to move data around at scale?

With our architecture, we have an agent that we collect data once, and then we can basically reuse it in any module. Most of our competitors will keep a lot of the data on the endpoints. So if something happens and you make a query, guess what? It’s not there. So if you want to go back and look for things like the SUNBURST attacks, you have a really difficult time because the data is not there.

We’ve already collected all that data. It’s all stored and organized. And if you can’t move data to the cloud, you’re forced to keep it on the endpoint, which it’s either going to be gone, or you’re going to have a very limited view of what’s happening …

So there’s a balance of getting the right data to the cloud at the right time. And always making sure it’s available and not missing anything. And that’s really the secret sauce behind that smart-filtering technology.

And just a little more on that, it’s sort of like an aperture that opens and closes dynamically, and it’s fully reprogrammable by the cloud. So as the machine threat environment changes, we can dynamically open and close that. We always make sure that we’ve got the right level of information.

6. What made Humio stand out from its log management peers?

We had some joint customers that were using them like New York City Cyber, we heard really good things about them in terms of speed, scalability, and ease of use. And I think it was one where we’re always looking for innovative companies that can help extend our platform.

And, you know, it really expands our XDR capabilities to ingest other third-party data. Because obviously, we have a lot of our own data, but pulling other third-party data I think was important. So we connected with them, and it was a good fit.

They’ve got a great opportunity in their space, and combining with CrowdStrike and the amount of data that we have and our customers have, and expanding our platform even beyond just core security was exciting. So that’s really how it all came together.

5. How would you assess CrowdStrike’s position in the XDR space?

I think XDR will be another space that we really help reset and maybe re-pioneer. Typically what we’ve seen is network vendors that have little visibility on the endpoint trying to basically pull artifacts of networks and endpoints and call it something special, which it really isn’t.

And what we’ve seen over time is that EDR vendors try to take a data lake like an ElasticSearch stack and throw a bunch of data in it and call it good. And it just doesn’t work. Now you have just more needles in a needle stack. So when we look at XDR, we always try to take a thoughtful approach to it. We’ve already organized the endpoint data, and smart filtering is a big part of what we do.

One of the things that sets us apart from any of our competitors is that we can move data around at scale. And it’s the right data, and being able to apply some of that expertise to the Humio technology I think will be a big win for them. You’re going to get a much more efficient XDR, a much more scalable XDR, and get better insights and outcomes from it.

So that’s really our focus. We think the current generation is, ‘let’s throw data in a big data lake and hope for the best,’ and we just don’t think that’s the right approach.

4. What stood out to you most about the Humio team? Will their CEO be joining CrowdStrike?

What they built I think is pretty amazing. When you look at this concept of index-free logging and their ability to actually compress all this information and scale it and get actionable insights. We’re technology folks, and we’d love deep technology expertise and really big thinkers that solve hard problems, and that’s what the Humio team has done.

When we looked at it and when we put it through to our testing - we have way more data than most companies are ever gonna see - it passed with flying colors. So that was impressive, as most things that we would try out would just break very quickly with the sheer amount of data that we could pump through something. I think there’s incredible alignment on what we can do together, and obviously a really talented team.

Yeah, she [Humio CEO Geeta Schmidt] is coming over. A big part of any of these acquisitions is the teams coming over. She [Schmidt] is going to be running the Humio business unit, which is what we have it set up as. So we want to make sure that that’s got the right level of attention and integration within CrowdStrike. So she’s excited about it, and will be a big part of the team going forward.

3. Why is pushing beyond security a good move for CrowdStrike?

If you look at what we’ve done to date so far, we have pushed into other areas like IT hygiene and SecOps and DevOps with containers. We’re not moving away from security, but we’re expanding our total addressable market into areas that people care about. So if you think about security hygiene, what assets do you have? What shape are they in? Do they have vulnerabilities? …

So this really allows us to provide monitoring on just about anything. I mean, we can observe the health of a Kubernetes container or the cluster. We have a lot of our customers that actually use our technology to monitor the health of their workloads and their endpoints, and we can tell you what the CPU is doing and what the disk space is doing. What’s happening? Is it overloaded?

We just have visibility because of where we sit with our agent. And what we figured out is that we’ve got beachfront real estate with the agents that we have. It’s hard to get agents out there. Ours works, and we’ve built a very scalable cloud agent architecture … So it gives us the flexibility to go into other areas that are related to security but are core IT pillars.

2. Has your strategy around acquisitions changed in recent months?

We’ve always looked at a lot of deals and we did a few small ones when we were private, tiny ones. And we typically like really good technology and really good people. And being public now, obviously we’ve got public currency, we did a big bond raise, we got a lot of cash in the bank from our IPO. So it’s always something we continue to look at.

We want to be really diligent and smart about it, and buy the best technology out there, and make that available to our customers. There’s not a week that goes by that we don’t look at a couple of companies with our team, but we’ve been super selective. And that’s, I think, paid off well for us in how selective we’ve been.

I think they should expect that we’re going to look for great people and great technology, and if it fits a need that we have, then we’ll look to bring them into the fold. But it’s a high bar and a pretty selective process.

1. How does CrowdStrike stack up against SentinelOne in XDR following their buy of Scalyr?

We feel really good. They [SentinelOne] would have loved to have this asset [Humio]. They had to buy something [Scalyr] in my opinion that doesn’t have the same scale and technology. From our standpoint, we know it [Humio] is the best in the industry for what they do, and we’re excited to have it.

And there’s a big difference between having a Threat Graph and not having a Threat Graph. Because we have a Threat Graph, our data is already all organized. SentinelOne has a hard time dealing with data at scale. And this concept of just forwarding data into a data lake and trying to sort it all out is just more needles in the needle stack.

And it’s not as easy as people think, which is why we’re excited because of the Threat Graph technology and the smart-filtering. It really gives you the power to get the right data to the right place, and then be able to slice and dice it. I think that really differentiates us from what others are doing.

[SentinelOne CEO Tomer Weingarten told CRN: We scoured this space for quite some time, and we’ve actually passed on Humio … We found Humio in many ways to be a replica of Scalyr. We found the innovation that Scalyr put into this space was so meaningful that Humio actually based a lot of their technology on Scalyr. I think they actually even made a reference to Scalyr on some of their blogs. So, all in all, I mean this is a little bit hard to grasp … There is no two versions of the truth here. There’s a timeline of events. All in all, we are big believers in the Scalyr technology. We know it’s superior to Humio’s. We also found a very good culture fit in Scalyr, which I can’t say we felt the same about Humio. We welcome George and CrowdStrike to the XDR space. I think to us it’s just a further validation of our strategy and vision.]