Attack Surface Management , Security Operations
CrowdStrike to Buy Reposify to Secure Attack Surface, AssetsReposify's Internet-Scanning Assets Will Give Customers an Adversary's View of Risk
The attack surface is expanding through digital surfaces such as applications, ports, servers and websites as well as physical surfaces, including desktops, laptops, mobile devices and USB ports. Poor coding, lax practices and misconfiguration are creating unforeseen vulnerabilities in large enterprises.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
To help organizations detect and eliminate risk from vulnerable and unknown assets, CrowdStrike has purchased external attack surface management startup Reposify. CrowdStrike says their combined services will help give customers an adversary's view of risk across their internal and external attack surfaces.
The Austin-based based endpoint security titan says its proposed buy of San Francisco-based Reposify will allow CrowdStrike to combine its insights on endpoints and IT environments with Reposify's internet-scanning capabilities to help customers reduce overall risk. Reposify will become part of CrowdStrike's security and IT operations product suite (see: CrowdStrike CEO George Kurtz: Identity Can Be as Big as XDR).
"Reposify's technology delivers an outside-in perspective of an organization's global external risk, providing deep visibility into what connected devices are vulnerable and most likely to be targeted," CrowdStrike co-founder and CEO George Kurtz says. "This acquisition will provide customers an adversarial view of their external-facing risk and vulnerabilities so they can be more proactive."
Terms of the acquisition, which is expected to close in the fiscal quarter ending Oct. 31, weren't disclosed, and CrowdStrike executives weren't available Tuesday to provide additional details to Information Security Media Group. CrowdStrike's stock was down $0.51 - 0.29% - to $174.88 per share in trading midday Tuesday.
Bringing IT Out of the Shadows
Reposify, founded in 2017, employs 23 people and closed an $8.5 million seed funding round in December 2021 led by Joule Ventures and First Rays Venture Partners. Reposify founder Yaron Tal led the company until June 2021. Tal had previously established website antivirus provider 6Scan. Former Cynet CEO Uzi Krieger was tapped to lead Reposify in July 2021, and Tal moved to the CTO role.
"We built Reposify to enable organizations on a global scale to have visibility into the unprotected assets from the vantage point of attackers, and look forward to integrating our groundbreaking technology into the world-class CrowdStrike Falcon platform," Tal says in a statement.
Reposify's founders believed that existing external asset surface management and internet-scanning tools weren't delivering what customers needed when it came to understanding risk from an adversary's perspective, CrowdStrike CTO Michael Sentonas writes in a blog post. This prompted Reposify to eschew traditional external attack surface management approaches and technology in hopes of finding a better way, according to Sentonas.
The company's technology leverages one of the largest databases of internet-facing assets, which he says allows customers to obtain a complete view of their external attack surface with the simple click of a button. Both CrowdStrike and Reposify share a vision of delivering deep visibility of organizational risk to all customers to help them stay ahead of adversaries and stop breaches, Sentonas says (see: CrowdStrike's Michael Sentonas on Identity, Cloud and XDR).
"External attack surface management is critical to maintaining a strong security posture and moving away from a reactive approach to security," Sentonas writes. "By understanding where shadow IT, legacy systems and unknown infrastructure potentially expose an organization, customers will be able to take a more proactive approach to managing risk, fortifying security posture and increasing resilience."
Going Back to the M&A Well
This is CrowdStrike's first acquisition since November 2021, when the company bought data protection startup SecureCircle for $60.8 million to extend its zero trust endpoint security device and identity capabilities to include data. Israeli financial newspaper Globes reported in July that CrowdStrike plans to spend $2 billion to buy one or more Israeli cybersecurity companies, but no deals have materialized so far.
The SecureCircle deal came eight months after CrowdStrike purchased log management startup Humio for $400 million to strengthen its ability to ingest and correlate data from any log, application or feed. Six months earlier, CrowdStrike acquired access control and threat prevention startup Preempt Security for $96 million to help customers protect identity data without compromising productivity or user experience.
The first acquisition in CrowdStrike's 12-year history took place in October 2017, when the company bought automated malware analysis system Payload Security for $8 million.