Why did CrowdStrike Buy Identity Startup SGNL for US$740m?

Cybersecurity giant CrowdStrike has signed a deal to acquire the continuous identity security startup SGNL for US$740m.

This move by CrowdStrike, when read under the backdrop IDC data, which predicts the identity security market to grow from US$29bn in 2025 to US$56bn by 2029 makes greater financial sense.

With the acquisition of SGNL, CrowdStrike will extend dynamic authorisation across SaaS and hyperscaler cloud access layers, setting a new industry standard for identity security in the age of AI. 

“AI agents operate with superhuman speed and access, making every agent a privileged identity that must be protected,” says George Kurtz, CEO and founder of CrowdStrike. 

“With SGNL, CrowdStrike will deliver continuous, real-time access control that eliminates the known and unknown gaps from legacy standing privileges. 

“We’re disrupting the premise of modern privilege and access – for every identity, human or machine. 

“This is identity security built for the AI era.”

What is Continuous Identity (CI)? 

Continuous Identity allows enabling access for human, non-human (NHI) and AI identities to be continuously granted and revoked based on their real-time risk, completely eliminating standing privileges. 

CI has three main pillars: it is contextual, consistent and continuous.

Being contextual implies that access decisions are evaluated based on meaningful contexts, such as whether the person requesting access is currently on duty, if they are accessing a managed device or if their behaviour risk score has changed. 

Checking the context of each access helps separate authorised entries from malicious ones.

Consistency relates to the implementation of the same policies, enforced the same way regardless of whether it is humans or NHI that is trying to gain access or authorisation, thereby breaking out of policy silos. 

By virtue of  the system being continuous, identity controls are implemented whenever a context change occurs, leaving no wiggle room for threat actors. 

How SGNL and Falcon secures modern identities

Powered by Falcon intelligence and risk signals, SGNL will act as a runtime access enforcement layer.

With CI, standing privileges of all kinds are replaced with continuous dynamic authentication. 

Falcon platform and SGNL’s Continuous Access Evaluation Protocol (CAEP) proactively prevents breaches caused by access misconfiguration. 

“SGNL was founded to connect access decisions with business reality,” says Scott Kriz, CEO and co-founder of SGNL.

“The world needs our technology to eradicate the significant risk that legacy standing privileges expose in today and tomorrow’s environments.

“Joining CrowdStrike provides us with global scale natively through cybersecurity’s leading platform to transform enterprise security with Continuous Identity, furthering CrowdStrike’s mission of stopping breaches.”