Identity security doesn’t typically make headlines, but CrowdStrike has made it so. The company announced it will acquire SGNL, an identity security startup, in a deal valued at roughly $740 million.
The goal is to secure every identity, including human users, non-human accounts, and AI agents, as access decisions become more dynamic and risk-driven.
Lots of organizations these days are leaning harder into SaaS, cloud platforms, and autonomous AI tools, making identity quietly one of the most attractive entry points for attackers.
As CrowdStrike CEO George Kurtz put it in a statement to Reuters, “the adversaries aren’t breaking in; they’re logging in, and they’re abusing identity.”
Why identity and access-based security needs innovation
The old way of handling identity and access was pretty simple. Permissions were set once and left in place, and that worked fine when most identities belonged to people and systems lived in a handful of places.
That logic falls apart fast once service accounts, APIs, and AI agents start moving on their own across cloud and SaaS environments, often with far more access than they really need.
SGNL was built to solve that exact problem. It sits in the middle of the access flow, between identity providers and the apps or cloud systems people and machines are trying to reach.
Instead of assuming access should remain open once it’s granted, SGNL continually assesses risk in real time and adjusts permissions as conditions change.
CrowdStrike says this allows access to be “continuously granted and revoked based on real-time risk,” replacing static privilege models with a far more adaptive approach.
That capability will be folded into Falcon Next-Gen Identity Security upon the acquisition’s close.
How SGNL fits into Falcon
For CrowdStrike, SGNL fills in a missing piece of the puzzle.
The Falcon platform already pulls together threat intelligence, endpoint data, and behavioral signals, but acting on that information at the exact moment of access has been tricky. SGNL makes that possible.
If something changes mid-session, such as a login from an unexpected location or a device suddenly appearing risky, access can be revoked immediately.
And this isn’t just about people– it applies to service accounts and AI identities too, which often move fast and operate without a human in the loop.
Kurtz touted the opportunity in an interview with CNBC, saying, “This is a massive opportunity for our customers to be able to protect themselves, and a massive opportunity for us to disrupt the identity market.”
A growing focus on consolidation
The acquisition also fits into CrowdStrike’s bigger strategy of consolidating security capabilities onto a single platform, which is all the rage these days.
Identity security has become one of the company’s fastest-growing segments, generating more than $435 million in annual recurring revenue as of its most recent quarter.
Rather than layering on legacy tools, CrowdStrike is focused on buying teams and technology that can natively extend the Falcon platform.
“We want to offer the most value to our customers where they can consolidate on CrowdStrike — less vendors, less complexities, less cost and with a better outcome of stopping breaches,” said Kurtz.
The recent Channel Insider coverage on identity and Zero Trust points to the same shift CrowdStrike is leaning into here. As AI agents and machine identities multiply, static access models are giving way to real-time, risk-based controls that can adjust on the fly. That’s the same problem SGNL is built to solve.