
CrowdStrike Spends to Increase Identity Threat Detection


CrowdStrike’s spending spree for security posture management capabilities continued with a deal to buy Adaptive Shield, an Israeli startup that focuses on securing organizations’ software-as-a-service (SaaS) ecosystems and defending against identity-based attacks.

Last week’s deal requires CrowdStrike to pay cash and stock for Adaptive Shield; CrowdStrike expects to complete the transaction by the end of January 2025. Press reports estimate the value of the deal at around $300 million.

Founded in 2019, Adaptive Shield is one of many companies in the SaaS security posture management (SSPM) sector. Others include AppOmni, DoControl, Obsidian, and Reco.

Adaptive Shield’s platform supports more than 150 SaaS applications, including Adobe, Google Workspace, Microsoft 365, Salesforce, Slack, and Zoom. It monitors for misconfigurations and identity threats and offers a no-code tool, called Integration Builder, for custom SaaS applications.

Competitive Impact?

Omdia senior principal analyst Rik Turner wonders whether the deal will prompt CrowdStrike’s rivals, such as Cisco, Palo Alto Networks, and SentinelOne, to follow suit with their own deals. Overall, it has been an active time for the acquisitions of cloud and data security posture management (DSPM) startups, he notes.

Adaptive Shield is CrowdStrike’s third acquisition of a security posture management provider in the past 18 months. In October 2023, it bought Bionic, an early provider of application security posture management (ASPM), extending security risk visibility from code development to cloud deployment. And earlier this year, CrowdStrike bought Flow Security, another DSPM cloud platform that protects data at rest and in motion.

“In contrast, there was no such buying frenzy with SSPMs. CrowdStrike’s acquisition of Adaptive Shield is the first deal of this kind, raising the question of whether it might start a trend among the buyer’s rivals,” Turner noted in a recent report.

CrowdStrike emphasizes that the addition of Adaptive Shield will improve the ability of its Falcon platform to protect organizations against identity-based attacks by adding SaaS applications to the mix.

Once integrated into Falcon, Adaptive Shield’s SSPM platform will give organizations visibility into misconfigurations, unnecessary or rogue privileges, and activities undertaken among accounts of on-premises and cloud identity providers, as well as SaaS security applications. The addition “provides organizations with granular visibility into their growing cloud environments, enables them to handle and secure their SaaS security posture and their human and non-human identities, and helps them detect and prevent identity-centric, cloud-focused cyberattacks,” CrowdStrike president Michael Sentonas explained in a blog post.

Ryan Terry, CrowdStrike’s senior product manager for identity, buttressed that message at a company meeting last week in Amsterdam.

“Our vision is to unify identity security across the entire Falcon security platform that includes cloud security,” he said. “That will bring ISMG [identity security posture management], CIEM [cloud infrastructure entitlement management], and ITDR [identity threat detection and response] together in an integrated way, in one single platform to help you handle today’s modern identity challenges.”

Keying In on Identity

SaaS connectors will improve visibility into threat activity and precursors to identity-based attacks, says Forrester Research principal analyst Andras Cser. Adding SSPM to CrowdStrike Falcon will fill a gap in the platform’s identity security module, he says.

“Identity-wise, CrowdStrike claims they have ITDR, but in reality, it’s mainly cloud infrastructure entitlement management, addressing how admins have access to policies that drive privileges on things like [AWS] S3 buckets and Azure Blobs and things like that,” Cser says. “It’s not true [identity and access management] in the sense of user account provisioning/deprovisioning, federation, token service, and all these other kinds of things.”

The Adaptive Shield SSPM and ITDR platform promises to offer a broad range of protection against such attacks by providing unified, hybrid identity management for SaaS-based apps and on-premises authentication, notably Microsoft’s Active Directory.

Adaptive Shield’s platform also continuously monitors generative AI-based SaaS applications for configuration shifts and enforces security standards and privileges. It’s also designed to prevent data exfiltration and discover unauthorized AI applications.

“Beyond identities, it also provides visibility into misconfigurations and other risks affecting SaaS applications, so organizations can better handle these issues and detect and respond to threats,” Sentonas explained.

Identity-Based Attacks Continue to Mount

Vendor focus on identity isn’t happening in a vacuum. Threat actors have actively exploited identity through various techniques, including password spraying, phishing, stealing legitimate credentials, and exploiting misconfigurations. For example, after managing to get global administrator rights to MGM Resorts’ Azure instances last year, Scattered Spider was able to exfiltrate data and disrupt its operations. Earlier this year, Microsoft was among the victims of a password spray attack by Russia-based Midnight Blizzard (also known as Cozy Bear and APT29), compromising its corporate email systems. Overall, CrowdStrike says that 80% of breaches now have an identity component.

At the RSA Conference earlier in the year, Sentonas and CrowdStrike co-founder and CEO George Kurtz demonstrated how hackers exploit identity provider misconfigurations with phishable authentication factors to gain access to highly privileged accounts.

“They move laterally once they’re inside an organization to achieve their outcome,” Sentonas said.

More Identity Options in the Wings

Ross Penny, a principal technical strategist for CrowdStrike, said the company plans to roll out several tools to bolster CrowdStrike Falcon Identity by February. Among recent and current deliverables is integration with AWS Identity Center, which reports on the “full picture” of risks associated with federated AWS accounts.

“If you’re only looking inside AWS because it’s federated, you lack a lot of information about it,” Penny explained. “The fact that we know where that account lives and originates means you have a much wider variety of risk that you’re able to use to calculate those access decisions and detections.”

CrowdStrike is also readying a policy management API that can be integrated into external workflows, Penny said. CrowdStrike developed this API because many of its customers also use ServiceNow.

Early next year, CrowdStrike will extend integration with other identity providers, including Okta Universal Directory, Google Workspace, and AWS permission usage analysis. CrowdStrike also plans to add attack path detection across these multiple identity providers in 2025.
