Summary: CrowdStrike is in negotiations to acquire Action1, a patch management and vulnerability specialist, for nearly $1 billion, amid discussions of Action1’s rapid growth in the market. This potential acquisition follows a recent global IT outage caused by a faulty CrowdStrike software update, highlighting the need for improved vulnerability management.
Threat Actor: CrowdStrike | CrowdStrike
Victim: Action1 | Action1
Key Point :
- CrowdStrike’s acquisition talks with Action1 indicate a strategic move to enhance vulnerability management capabilities.
- The recent IT outage linked to CrowdStrike’s software update has underscored the importance of quality control in software development.
- Action1 is experiencing hypergrowth and is projected to reach $100 million in annual recurring revenue.
- CrowdStrike plans to improve its internal development procedures following the software incident.
Dive Brief:
- CrowdStrike is in talks to acquire Action1, a Houston-based patch management and vulnerability specialist. The agreement being discussed would value the company at nearly $1 billion, according to a memo sent to Action1 employees.
- Action1 Co-Founder and CEO Alex Vovk sent a memo to employees Wednesday confirming the discussions, after speculation around the talks gained within the company. A spokesperson for Action1 confirmed the authenticity of the memo to Cybersecurity Dive Friday.
- “This proves that Action1 is in a rapidly growing market and explains why Action1 is experiencing hypergrowth and is on track to soon reach $100M AAR,” Vovk wrote in the memo.
Dive Insight:
The discussions come weeks after CrowdStrike caused a global IT outage due to a faulty software update in its Falcon security platform. The software crash was the result of an out-of-bounds memory read error due to a mismatched update in the software update for the Falcon sensor.
About 8.5 million Windows devices were impacted by the defective update, leading to thousands of flight cancellations at major airlines, canceled surgeries and other medical procedures at hospitals and temporary disruptions of multiple 911 emergency services in several U.S. states.
The outage highlighted a continuing problem in the software and security industries in dealing with software development practices and managing vulnerabilities. Memory safety issues have been a long standing issue that federal officials have linked to recent security vulnerabilities.
An acquisition of a firm like Action1 could bolster the ability of CrowdStrike to better manage those vulnerabilities and conduct better quality control over its software updates.
CrowdStrike CEO George Kurtz has apologized repeatedly for the incident and the company has disclosed plans to overhaul its internal development procedures, including more frequent software testing and phased rollouts of software updates.
The company however declined to comment on the specific claims.
“In the current environment, misinformation has become increasingly prevalent,” a spokesperson said via email. “As a policy, we do not respond to rumors or speculation.”
Source: https://www.cybersecuritydive.com/news/crowdstrike-pursuing-deal-action1/723849