As security use cases demand more analytics, CrowdStrike nabs Humio for its XDR offering

February 19 2021
by Fernando Montenegro, Matthew Utter


The reality for security teams as they triage alerts, respond to incidents, or conduct independent investigations is that there is always a need for additional context and correlation to the myriad pieces of data that may be relevant to the task at hand. The industry has been increasingly adopting the concept of extended detection and response (XDR) to address this need, often by bringing together discrete sources of telemetry backed by deeper analytics. Aiming to enhance its XDR capabilities, CrowdStrike has purchased log management vendor Humio.
Snapshot Snapshot






Security operations

Deal value


Date announced

February 18, 2021

Closing date, expected

End of Q1 FY 2022 (April 2021)


None disclosed

The 451 Take

Alongside secure access service edge, zero trust and DevSecOps, XDR is one the larger current trends in the security space. It is emerging as a proposed approach to address the challenge of quickly bringing together insights from disparate sources in a manner that supports different security operations use cases. This is pushing vendors to add capabilities – be it via engineering, acquisition or collaboration. If you're a telemetry-centric firm, it means you're likely looking to improve your analytic capabilities, both data engineering and analytics. If you're an analytics specialist, your search is for telemetry sources.

CrowdStrike's pickup of Humio fits well into this dynamic: the buyer already has custom graph-based analytics for typical security use cases, but is looking to Humio for larger-scale data engineering with additional data sources. The company has used its endpoint beachhead to support additional use cases and can likely benefit from these increased capabilities. This pursuit of additional data sources is timely, as other strategic rivals usually have broader product portfolios that they can leverage for XDR-like integration.

Deal details and rationale

CrowdStrike is paying approximately $400m for Humio, predominantly in cash. The transaction is expected to close during the acquirer's fiscal quarter ending in April 2021.

The key rationale for CrowdStrike is that Humio will enable it to ingest different sources of data at scale and then perform analytics on the data, be it structured or unstructured. The company has an existing offering based primarily on its endpoint agent from which it derives activity data covering different aspects of security, including endpoint activity, vulnerability data, network activity, and more.

For Humio, the sale represents a profitable exit for its investors and alignment with a significant cybersecurity provider. The target's team is slated to become a separate business unit that will be run by its CEO, Geeta Schmidt. According to CrowdStrike, Humio will continue to support non-security use cases.

The endpoint-centric approach followed by CrowdStrike and others could find a receptive audience. According to 451 Research's 2020 survey, the most frequent choice for respondents when asked about how they expect to derive security insights following some loss of telemetry due to forced remote work was by gathering data from endpoints.

Figure 1

Endpoints Are a Key Source of Security Telemetry
451 Research 2020

Target profile

London-based Humio was founded in 2016. Now with approximately 70 employees, the company is led by its founders: CEO Geeta Schmidt, CTO Kresten Krab and VP of engineering Christian Hvitved. It has additional locations in San Francisco, Seattle and Aarhus, Denmark.

Schmidt served in roles at Sun Microsystems and Trifork and has experience in financial services and market development. Krab held positions in software engineering and consulting and was a founder and CTO of Trifork. Hvitved also worked at Trifork and was a cloud developer at Xamarin before collaborating with Krab to found Humio.

The vendor has raised a total of $31.8m, with the latest round closing in March 2020 for $20m. The series B was led by Dell Technologies Capital, with participation from Accel, Alumni Ventures Group and West Hill Capital.

Humio offers cloud log management and observability technology. It ingests structured and semi-structured log, application and feed data and can store large quantities of this information via its data compression technology and unlimited ingest plans. Users can view their data in live time through different visualizations that can provide teams with information to make decisions and enable concepts such as DevOps, SecOps and ITOps within their organizations. Users can also query this data to gain context about specific use cases.

Acquirer profile

CrowdStrike was founded by Dmitri Alperovitch, George Kurtz and Gregg Marston in 2011. Headquartered in Sunnyvale, California, the company went public in 2019 on the Nasdaq and currently has about 3,000 employees across the world. It has built a cloud-based security offering initially heavily centered on endpoint security. This includes a combination of endpoint prevention, endpoint detection and response, device control, threat intelligence, and more. CrowdStrike has a marketplace for adding functionality from partners and established a collaboration with Okta, Proofpoint and NetSkope aimed at securing remote workforces. The vendor bought Preempt Security in September 2020, seeking to derive additional identity-based insights.


Extended detection and response as a trend is bringing together different submarkets such as endpoint security, security operations, network security, security analytics, and more. This means the field has a broad swath of competing vendors.

Key players pursuing XDR-specific messaging include Palo Alto Networks, Trend Micro, Microsoft, SentinelOne, Cybereason, Cisco, VMware, FireEye, and others. What's common between all of these firms is that they have their own sources of telemetry but are looking to enrich their analysis. Notably, SentinelOne recently made a move similar to CrowdStrike's purchase of Humio with the pickup of Scalyr. Other vendors pursing an XDR approach include Confluera, Hunters.ai (itself a CrowdStrike partner), Stellar Cyber, Cynet, and others.

CrowdStrike's reach beyond typical endpoint security into broader operations also brings rivalry from Tanium, Qualys, Rapid7, Tenable, and others. With CrowdStrike indicating that Humio will be a separate business unit and will continue to support non-security use cases, it may continue to vie with vendors such as Splunk, DataDog, Logz.io, SumoLogic, Dynatrace, New Relic, Cisco AppDynamics, and others.