With online security breaches now a regular staple in news headlines, it is little wonder that investment in cyber security companies and technologies has been steadily growing over the years.
Over the last eight quarters, including the second quarter this year, investors have plowed some $4.6 billion into this space, according to CB Insights.
Deal size, at least at the top end of the spectrum, is also growing. Last year Tanium raised $90 million in a growth equity round and Lookout secured a $150 million Series F round. This year Illumio raised $100 million in a Series C round.
Now we can add CrowdStrike to the list: the company has just announced it closed a $100 million financing round led by Google Capital with participation from Rackspace and existing investors Accel and Warburg Pincus.
What's $100M to Google?
For Google, $100 million is all in a day's work. For the online security industry, it is, as the above figures show, fairly huge.
Indeed, the average deal size for such investments is far, far less, as Cybersecurity Ventures notes in its second quarter report on the industry.
More typical transactions are illustrated by Lookingglass Cyber Solutions, a cyber threat intelligence monitoring and management provider that closed a $20 million Series B round in March, or CloudLock, which raised $6.7 million in its fourth round of funding.
Cloud application security company Veracode is planning to go public in May, according to Cybersecurity Ventures, which cites a news report as its source. Veracode has raised over $110 million in venture capital funding, but broken out by round, the amounts have been relatively modest: the most recent round was a $40 million Series F infusion last September led by Wellington Management.
So what gives about Google's investment? Or put another way, what is so special about CrowdStrike? One possible response is that Google just goes big in whatever technology it sees value in.
"Google recognizes the current system is broken and needs repair and that the future is bright for security," Robert Siciliano, CEO of IDTheftSecurity.com, told CMSWire.
But it is not just that. Google Capital invests in companies that are "poised to drive disruption in their respective markets by harnessing these technologies," as it says on its website. And incidentally, this was the two-year-old equity fund's first security investment.
So, again — of the 1,000 security companies in the market, why CrowdStrike?
Falcon Platform's Behavior-Based Approach
Actually George Kurtz, co-founder of CrowdStrike, posed that question (and — hat tip to him — dug up the number of companies in this space, so I didn't have to) in his blog post on the investment.
CrowdStrike has developed a cloud-based product called Falcon Platform.
It has many attributes attractive to a customer — Kurtz cites as one example a customer's ability to install a lightweight endpoint sensor quickly. In his blog post Kurtz tells of a financial services customer that installs over 77,000 endpoint sensors in less than two hours with no reboots.
But surely that alone is not the reason why Google Capital endowed the company with $100 million.
A more likely reason is CrowdStrike's approach to security, which Kurtz describes as focusing on "behaviorally looking for Indicators of Attack (IOA) vs. Indicators of Compromise (IOC)."
While IOC hunting is not a bad practice, he writes, "If it is your main way to detect a security compromise it might be time to rethink your approach."
The Industry Catches On
Other security companies appear to think so too.
"User Behavior Analytics is rocking this year’s security conferences," writes Idan Tendler, CEO of Fortscale, for Smart Data Collective.
"Rather than trying to build an ever stronger perimeter, the discussion has changed substantially," he writes. "Security professionals are investing more resources than ever before into collecting and analyzing vast amounts of user-specific event and access logs which holds the promise of major security benefits…"
Indeed, opportunities appear to be ripe for this approach. A report by Insider Threat Spotlight noted that only 21 percent of organizations continually monitor user behavior on their networks, compared to 75 percent of companies that focused on monitoring their applications' security controls.
Rackspace Eats the Cooking
Perhaps the best indicator, though, of this approach's success is Rackspace's participation in the funding round.
Rackspace has been using CrowdStrike for close to two years, not only for itself but also for its 300,000 customers, Kurtz writes. "[T]hey have validated our technology flat out works where others failed."