CrowdStrike to Acquire Flow Security, Sets the Standard for Modern Cloud Data Security

With this acquisition, CrowdStrike will redefine modern data security with a unified platform that protects data at rest and in motion as it flows through the cloud, on-premises and within applications

I’m thrilled to announce CrowdStrike’s agreement to acquire Flow Security, a pioneer in data security posture management (DSPM) and the industry’s first and only cloud data runtime security solution. With this acquisition, CrowdStrike is setting the standard for modern cloud security with complete real-time data protection spanning endpoint and cloud environments, delivering the only cloud data protection platform that secures data both at rest and in motion.

Businesses now use and create more data than ever before, and much of it increasingly occurs in the cloud. This growing reliance on cloud has led to the dispersion of data across multiple cloud-based services and third-party APIs. Adversaries are more aggressively targeting sensitive data, accelerating their attacks, and growing more adept at exploiting gaps between cloud platforms and point products.

The modern workplace demands a modern approach to protecting data across the entire environment — a unified cloud security platform that natively protects data at rest and in motion as it flows through the cloud, on-premises and within applications.

 

Bringing DSPM to the Falcon platform enables us to accelerate and expand our data security innovation with new capabilities to discover, classify and protect data from the risk of exposure wherever it moves or resides. Flow Security’s technology will empower organizations with full visibility into their critical cloud data flows, insight into how their data interacts with applications, and the ability to detect when data is at risk or unintentionally leaving the environment.

In our extensive evaluations of the cloud data security market, Flow Security stood out as the most differentiated technology. While many cloud data security providers offer data discovery and classification, Flow Security goes a step further by providing real-time visibility into risk for data both at rest and in motion. Flow Security provides a perfect complement to CrowdStrike’s industry-leading cloud security offerings by extending runtime level threat analysis to the data layer.

 

An organization’s data is among its most valuable assets, and securing it should be a top priority. This acquisition will fuel our innovation in developing the technologies businesses need to protect their most critical data in a cloud-first world.

Adversaries Exploit Cloud Security Gaps

As more organizations move operations to the cloud, adversaries are developing skills to exploit gaps in protection that stitched-together platforms and cloud point products create. The CrowdStrike 2024 Global Threat Report found a 75% increase in cloud intrusions in 2023. Cloud-conscious cases — in which an adversary is aware they have breached a cloud environment and use cloud-specific features to achieve their goals — were up 110%.

Organizations’ most critical information remains adversaries’ primary target. Data theft extortion continues to be an attractive monetization route, as evidenced by the 76% increase in data theft victims named on the dark web. If a ransomware victim won’t pay, or asks for a reduced ransom, the adversary will extort them by threatening to publicly post their stolen data online.

The message is clear: Adversaries are operating in the cloud — and they’re targeting sensitive data. But defending against modern attacks is increasingly difficult for today’s businesses. The accelerating speed of application development contributes to fragmented cloud environments and makes it challenging for security teams to keep up with the number of places their data might reside. Traditional data security tools are simply not built to protect growing data stores.

 

Following the closing of this acquisition, CrowdStrike plans to fully deliver native Flow Security DSPM capabilities in CrowdStrike Falcon® Cloud Security as part of the Falcon platform, enabling customers to consolidate cloud point solutions and gain complete visibility and protection of their entire cloud estate, spanning cloud workload protection, cloud security posture management (CSPM), cloud infrastructure entitlement management (CIEM), application security posture management (ASPM) and now DSPM.

 

A Modern Platform for Modern Businesses

CrowdStrike, the pioneer of cloud-native cybersecurity, was born in the cloud to protect the cloud. We have been consistently recognized for our industry-leading cloud security strategy. This acquisition will further advance our position to give customers the best outcomes with the Falcon platform.

Flow Security is a crucial long-term piece in our holistic data security vision. It offers robust DSPM capabilities for cloud environments, with a differentiated approach to scanning and runtime, to create a full view of risk across cloud infrastructure and application environments.

This acquisition comes shortly after CrowdStrike’s acquisition of Bionic, which enables us to offer our customers the most comprehensive cloud-native application protection platform (CNAPP) in the industry today. It also closely follows our announcement of CrowdStrike Falcon® Data Protection, which provides organizations with full visibility into their data as it moves across endpoints and egress points. We are pioneering the most complete data protection offering, from code to application to device to cloud.

CrowdStrike is committed to protecting our customers’ valuable assets as they continue to grow. We know today’s businesses require data protection on-premises and in the cloud. They need a unified solution to determine where their data resides, how it’s being used and moved, whether they have the necessary policies in place to protect it, and the steps they need to take to ensure those policies are in place. With the acquisition of Flow Security, we are proud to provide that solution.

 

Forward-Looking Statements

This blog contains forward-looking statements, including statements regarding the closing and benefits of the proposed acquisition. These statements involve risks and uncertainties, and actual results may differ materially. There are a number of risks which could cause actual results to differ materially, including the satisfaction of the acquisition’s closing conditions, our ability to integrate Flow Security, and other risks described in the filings we make with the Securities and Exchange Commission from time to time.