CrowdStrike Holdings, Inc. (CRWD) recently acquired capabilities in Zero Trust and identity protection via Preempt Security. CRWD is expected to pay $96m ($86m in cash and $10 in stocks) to seal this deal. This article explains how the acquisition fits into the big picture. It also highlights the impact of the acquisition on CrowdStrike's competitive positioning and the value-generating options it provides.

Source: Preempt

Preempt Security is a provider of identity security and zero trust solutions. The Zero Trust security standard is the next bar to be met by modern cybersecurity platforms. The premise behind Zero Trust stems from the need to develop adaptive security and content-aware solutions as more devices, users, and apps operate beyond the enterprise network. Identity management & security platforms are instilled with Zero Trust capabilities because managing identities, granting access, and revoking access enable the development of robust Zero Trust strategies. I expect Preempt to help with user and account discovery, vulnerability assessment, threat detection, and access management.

The Big Picture

Preempt's technology is not only an important component of the Zero Trust journey but it also allows customers to improve detection and prevention of attacks such as Zerologon or reconnaissance tools such as Bloodhound. - Source - CrowdStrike

The acquisition of Preempt highlights the power of CrowdStrike's cloud platform. This isn't a typical cybersecurity acquisition. Once the post-acquisition integration is complete, the capabilities acquired from Preempt will be consumed as a module. This is important as more workloads shift to the cloud. This acquisition will give enterprises evolving their cloud security strategies more conviction as they seek partners in endpoint and identity security. This applies to enterprises that are evolving their cybersecurity strategies and enterprises migrating to cloud platforms or refreshing their on-prem solutions. Straight out of the box, Preempt gives CrowdStrike the ability to integrate with leading identity management platforms like Okta (OKTA) and Ping (PING). CrowdStrike can use its threat intelligence network to enforce zero-trust policies on identities by leveraging MFA (multifactor authentication) and SSO (single sign-on) instructions from IdaaS players. This improves CrowdStrike's threat prevention capabilities. Preempt's behavior analytics and privilege management capabilities will complement CrowdStrike's EDR capabilities as Preemept provides more visibility into active directories and network accounts. CrowdStrike's vulnerability management module will also gain from user and device visibility capabilities. Lastly, CrowdStrike's Falcon control module can also benefit from Preempt's conditional access capabilities.

Competitive Positioning

Preempt plays in the identity and access security space. This space can be broken into three broad segments. The three segments provide a picture of the potential for CrowdStrike to expand the capabilities of its identity security offerings.

Privileged access management: protects accounts and devices with admin rights and privileges on a network. This prevents vectors like phishing and spear-phishing attacks targeted aimed at C-level execs and confidential accounts. This market is led by CyberArk, Thycotic, and Beyond Trust.

Identity governance and administration: identity governance and administration solutions help with identity and access management for compliance, analytics, and governance. Demand has been driven by growing market awareness, data compliance laws, and regulations. Top players in this space include Sailpoint (SAIL), IBM, and Oracle (ORCL).

Access management: this space is targeted at evolving identity security and access management solutions for employees and customers of enterprises worldwide. Solutions provide centralized access management, policy enforcement, session management, and authentication of users. Top players in this space include Okta, Ping Identity, and Microsoft (MSFT).

In recent quarters, players in the three segments have evolved capabilities to extend beyond their niche. CyberArk recently acquired Idaptive, a leader in SaaS-based identity security. Okta acquired ScaleFT to improve its Zero Trust capabilities. Okta's momentum has been the most pronounced because its solutions are cloud-native, just like CrowdStrike.

While the competition in the IAM space is worth highlighting, the acquisition of Preempt appears to be an inevitable move that will foster more collaboration. CrowdStrike's cloud platform will strengthen its positioning, as most IAM players are still migrating customers to their cloud solutions. I think it will be easy for customers that have hesitated to migrate to cloud platforms to jump ship and pick CrowdStrike. This is mostly true for solutions that are closely tied to cybersecurity. Some identity and access management solutions have evolved due to the need to simplify the usability of IAM solutions for enterprise apps and users. This is especially true for players like Okta. Okta's cloud-native platform is also an advantage as it acquires market share.

Monetization Opportunity

Zero Trust is a strategic imperative. Modern cybersecurity platforms betting on cloud security need Zero Trust capabilities as they acquire market share. In terms of identity security, Preempt adds $2b to CrowdStrike's TAM. This is plausible when you weigh the growth options from new and existing customers. I reckon many CrowdStrike customers already use MFA and SSO solutions offered by Okta, Microsoft, and Ping. Preempt's solid integrations with top IDaaS players will only strengthen the security posture of CrowdStrike's customers.

Identity security is one of the strategic pillars of next-generation cybersecurity platforms. CIOs that have delayed partnering with CrowdStrike have no reason to wait. CrowdStrike appears to be the most robust platform with all the required cybersecurity goodies for enterprises rethinking their security transformation projects. This will catalyze its cloud security strategy.

CrowdStrike now appears to be completing its acquisition of all the capabilities needed to differentiate itself as a leading cybersecurity platform. I see the potential for CrowdStrike to evolve deep capabilities in the remote work and insider threat segments. Turning the $96m acquisition of Preempt into a sizable market share in the identity security space appears inevitable. This will be enabled as Preempt improves CrowdStrike's EDR, vulnerability management, and device control modules.

Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.