CRWD acquires Humio

Looks like we have an acquisition to discuss.

https://finance.yahoo.com/news/crowdstrike-acquire-humio-del…

CrowdStrike adds best-in-class data ingestion to extend its leadership with a true multi-tenant, cloud-native platform that delivers superior contextual insights and powers decision-making at enterprise scale

CrowdStrike Holdings, Inc. (Nasdaq: CRWD), a leader in cloud-delivered endpoint and cloud workload protection, today announced it has agreed to acquire Humio, a leading provider of high-performance cloud log management and observability technology. Under the terms of the agreement, CrowdStrike will pay approximately $400 million to acquire Humio, subject to adjustments. The acquisition is expected to close during CrowdStrike’s fiscal first quarter, subject to customary closing conditions.

“We conducted a thorough market review of existing solutions and were amazed by Humio’s mature technology architecture and proven ability to deliver at scale,” said George Kurtz, co-founder and chief executive officer of CrowdStrike. “The combination of real-time analytics and smart filtering built into CrowdStrike’s proprietary Threat Graph and Humio’s blazing-fast log management and index-free data ingestion dramatically accelerates our XDR capabilities beyond anything the market has seen to date.”

24 Likes

This seems to be a good, digestible, description of what Humio does, which indeed seems scalable and useful way of reducing time and disk space needed for logs:

https://www.humio.com/whats-new/blog/index-free-logging-are-…

“The world of log management is ridden with woes because most solutions are based on a classical database technology: the index. Indexing has been an accepted and useful approach to collecting and analyzing log data for well over a decade. But its time has passed. Based on index-free architectures, modern log management systems like Humio, Loki, and Scalyr provide faster service at a much lower cost”

Building an index takes time (CPU cycles as well as wall-clock time), and an index needs disk space.

If the time and space to build the index grows out of proportion with the real data that you are actually interested in, then you have lost.

Consider a cartographer creating a map – she has to work within certain constraints to produce useful work: (a) the map should be of appropriate scale i.e., producing a map that’s bigger than the real world is useless, and (b) it must be finished in a timely fashion to be useful – if realities have changed before the map is done then it is only of historical interest.

The logging use case and the nature of logging, event, and trace data compound to make indexing a bad match for this application.

5 Likes

Based on this, Is CRWD on a collision course with DDOG? Which company has a control point in this process - a security company who integrates data logs or a data log company who integrates security? Asking for a friend…

7 Likes

Based on this, Is CRWD on a collision course with DDOG? Which company has a control point in this process - a security company who integrates data logs or a data log company who integrates security?

As I was working through that post what I ‘figured’ was that they are acquiring the ability to READ logs faster and with less data space required. This means the software to determine security issues would get results OUT of the logs faster meaning quicker identification.

I didn’t read it as a way for customers to read their logs.

6 Likes