Cybersecurity giant CrowdStrike is in talks to acquire Action1, a cloud-based patch management and vulnerability remediation company for close to $1 billion.
According to a source close to the matter who requested anonymity, Alex Vovk, CEO and co-founder of Action1 shared this news with employees in an internal email. This potential acquisition could be a strategic move for CrowdStrike, especially in the wake of the recent Falcon update error that caused a global Windows outage.
“In light of the rumors inside the company, I would like to confirm that CrowdStrike is interested in acquiring Action1 with an estimated transaction value close to one billion dollars,” said Vovk in the internal email that CSO Online has a copy of.
Neither of the companies responded to the requests for comment at the publishing of this article.
Patching up the patch mishap
The timing of this development is notable, as CrowdStrike faces significant scrutiny over the August 2024 Falcon update, which inadvertently led to widespread system disruptions. With this acquisition, CrowdStrike could be aiming to bolster its capabilities in patch management and vulnerability remediation, ensuring more robust and reliable updates in the future.
“Action1 is known not only for the ability to deploy patches to 100% of endpoints, but also to have the ability to deliver software updates, and to be customizable,” said Agnidipta Sarkar, vice president for CISO advisory at ColorTokens. “While the actual reasons for the acquisition are best known to the leaders at CrowdStrike, it could possibly help the company avoid similar mishaps and at the same time extend Falcon’s capability to manage vulnerabilities seamlessly.”
Action1’s expertise in patch management aligns well with CrowdStrike’s current need to enhance its update mechanisms. By integrating Action1’s technology into its platform, CrowdStrike could significantly improve the testing and deployment of updates, something it faced widespread criticism for in the months following the Falcon goof-up.
Implications for customers
The $1 billion valuation is a substantial investment for CrowdStrike and could be viewed as part of the broader costs associated with the Falcon-induced outage. The disruption caused by the faulty update not only impacted customers but also damaged CrowdStrike’s reputation, leading to potential revenue losses and increased pressure to ensure such an incident doesn’t happen again.
For customers, the potential acquisition could bring both benefits and uncertainties. On one hand, they can expect enhanced security and reliability from CrowdStrike’s platform, thanks to the integration of Action1’s technology. On the other hand, there may be concerns about how the acquisition will impact pricing, service delivery, and overall business strategy. In any case, the deal is a definite strategic win for Action1, as it validates the value of its technology, providing an advantage in the competitive cybersecurity landscape. “This proves that Action1 is in a rapidly growing market and explains why Action1 is experiencing hypergrowth and is on track to soon reach $100 million ARR,” Vovk said in the internal memo.
