CrowdStrike Holdings Inc. today said it’s paying about $400 million to acquire Humio Inc., a startup with a software product that processes security data in near-real time to catch cyberattacks as they happen.

CrowdStrike will use Humio’s software to upgrade the capabilities of its breach prevention platform. 

Platforms such as Falcon catch threats lurking in companies’ networks by analyzing vast amounts of machine-generated operational data from servers, employee devices and other endpoints. The faster the information can be processed, the faster hacking attempts can be detected. Humio’s high-speed data processing product will enable CrowdStrike to enhance its capabilities in that key area.

Humio specializes in analyzing log data. Processing logs normally requires generating a data structure known as an index, which helps organize the incoming information into a form that’s easier to process.

Generating the index takes time, meaning users have to wait before they can interact with their information. Humio’s product implements an index-free approach that skips this step and thereby allows logs to be processed much quicker, in some cases with subsecond latency.

The speed increase makes it possible to to investigate breaches as they happen using the most up-to-date data about the incident. As a result, administrators can spot and respond to breaches faster.

A secondary benefit of Humio’s approach, which was likely also a factor behind CrowdStrike’s decision to acquire the startup, is that removing the need for an index frees up storage space. That’s important because enterprises have a limited amount of capacity available for storing logs. Making more efficient use of storage space makes it possible to retain logs for longer time periods, which means administrators have more context to work with when investigating breaches.

Humio’s software will complement the existing technologies CrowdStrike uses in its security platform to increase the efficiency of data analysis. The company has developed, among others, a patent-pending mechanism for filtering unnecessary security records.

“The combination of real-time analytics and smart filtering built into CrowdStrike’s proprietary Threat Graph and Humio’s blazing-fast log management and index-free data ingestion dramatically accelerates our XDR [extended detection and response] capabilities beyond anything the market has seen to date,” said CrowdStrike Chief Executive George Kurtz (pictured).

CrowdStrike will pay most of the $400 million acquisition price in cash. The rest will be provided in the form of rollover equity awards. Humio previously raised more than $30 million from investors, including Dell Technologies Inc.’s venture capital arm. 

The acquisition is expected to complete in CrowdStrike’s fiscal first quarter. It comes less than two weeks after cybersecurity provider SentinelOne Inc. inked a  $155 million deal to acquire Scalyr Inc., a Humio rival with a similar, index-free log processing platform.

Photo: CrowdStrike