CrowdStrike to acquire SGNL for $740M, expanding real-time identity security

CrowdStrike will pay $740 million to acquire identity security startup SGNL, adding real-time authorization capabilities that grant and revoke access based on current risk conditions rather than static permissions.

The deal, expected to close in CrowdStrike’s fiscal first quarter ending April 30, will be paid mostly in cash with some stock subject to vesting, CrowdStrike said in a statement.

SGNL’s technology sits between identity providers and resources, evaluating access requests using contextual data, including user behavior, device posture, and threat intelligence.

The acquisition reflects growing concern about non-human identities such as service accounts, API keys, and AI agents that operate with broad permissions across cloud environments. Machine identities now outnumber human identities by as much as 82 to 1 in some environments, according to industry estimates cited by Gartner.

“AI agents operate with superhuman speed and access, making every agent a privileged identity that must be protected,” CrowdStrike CEO George Kurtz said in the statement.

Filling a capability gap

CrowdStrike is adding SGNL’s capabilities to address this risk. The technology works with existing identity systems from Okta, Microsoft, and AWS rather than replacing them.

“This isn’t just consolidation — it fills a real gap in dynamic, risk-aware authorization,” said Meng Liu, senior analyst at Forrester. “As AI agents and insider threats rise, static IAM is no longer enough.”

The approach differs from traditional identity and access management, which typically authenticates users at login and relies on periodic access reviews. SGNL evaluates access continuously, revoking privileges immediately when conditions change, for instance if CrowdStrike’s Falcon platform detects suspicious endpoint activity.

“SGNL offers continuous, contextual authorization that can make split-second decisions based on real-time signals, something traditional IAM systems have struggled with,” said Apeksha Kaushik, principal analyst at Gartner. Gartner predicts that by 2028, 25% of enterprise breaches will be traced to AI agent abuse from both external and malicious internal actors.

Analysts argue that the acquisition will not make CrowdStrike a competitor for IAM platforms. “This fills a specific capability gap around real-time identity threat detection and enforcement, an area where traditional IAM platforms are comparatively static,” said Arjun Chauhan, practice director at Everest Group. “Microsoft and Okta primarily own identity lifecycle management, authentication, and access governance.”

Market consolidation accelerates

The $740 million price reflects broader consolidation as cybersecurity vendors race to expand identity capabilities. The deal marks the latest in a wave of identity security acquisitions as platform vendors expand beyond core products. Liu compared the move to Palo Alto Networks’ acquisition of CyberArk in 2025, noting both vendors are racing to combine detection and enforcement into a single platform.

“Identity has become the center of gravity in cybersecurity,” said John Paul Cunningham, CISO at Silverfort. “We’re seeing clear segmentation emerge: pure identity security players, hybrid vendors trying to bolt identity into existing products, and large platform companies like Palo Alto Networks and now CrowdStrike expanding as part of broader security ecosystems.”

The identity security market is expected to grow from approximately $29 billion in 2025 to $56 billion by 2029, according to IDC data cited by CrowdStrike. The $740 million price follows Okta’s $6.5 billion purchase of Auth0 in 2021 and Thoma Bravo’s $2.3 billion take-private of ForgeRock in 2023.

SGNL was founded by former Google employees and raised approximately $75 million from Costanoa Ventures and CRV before the acquisition.

Enterprise adoption questions

Whether continuous authorization becomes standard practice depends partly on how rapidly non-human identities proliferate. “The urgency is real, but uneven across enterprises,” Chauhan said. “In client conversations, we increasingly see interest in adaptive and continuous authorization, especially in regulated industries, digital-native enterprises, and organizations with high levels of third-party or machine identity access.”

Most enterprises are not replacing traditional IAM. “Instead, they are layering real-time controls on top of existing IAM to address gaps around insider risk, session-level anomalies, and post-authentication compromise,” Chauhan said.

The practical challenge is defining policies that adapt to dynamic conditions. Unlike role-based access control, continuous authorization requires organizations to establish baseline behavior patterns and acceptable risk thresholds.

Integration details remain unclear. CrowdStrike has not disclosed when SGNL capabilities will be available to Falcon customers, whether they require additional licensing, or what changes to existing IAM configurations may be necessary.

The acquisition is part of CrowdStrike’s platform expansion spree following the July 2024 software update incident that caused widespread Windows system outages. The company reported fiscal third-quarter annual recurring revenue of $4 billion in December, up 25% year-over-year.

“This should primarily be viewed as long-term platform expansion rather than a short-term recovery signal,” Chauhan said. “CrowdStrike has been steadily positioning itself as a broader cybersecurity platform for several years. The acquisition reinforces that trajectory and helps reduce overreliance on endpoint security alone.”
