It was announced this week, that CrowdStrike are to acquire SGNL for a reported $740M. Does this indicate anything to the broader identity security market? What will this allow CrowdStrike to achieve?

Let’s take a step back. Who are CrowdStrike and who are SGNL?

Who Are CrowdStrike

An AI-powered query can give you this answer, to so I won’t spoil that surprise. TLDR; they’re the acquiring party so they’re bigger. Launched in 2011, $330M in funding (last round 2018) and roughly 11,000 employees according to LinkedIn. They are also a publicly listed company. Note their stock price spiked a little on the 7th before falling back on the 8th January when the announcement was made.

A couple of things to add though. CrowdStrike are not a “traditional” identity and access management (IAM) vendor. They have had a few changes in narrative from threat intelligence to end point detection (and response) and a few skips in between. Simply due to their age and size, they have also been pretty busy snapping up other orthogonal cyber-related companies.

The past 9 years have seen a healthy addition of 11 companies. Preempt Security is the one that could possibly sit the identity bucket with a previous focus on conditional access.

• SGNL: Acquired in January 2026, SGNL is a leader in continuous identity security, with the aim of providing real-time access control for human, non-human, and AI identities.

• Pangea Cyber: Acquired in September 2025 for $260 million, Pangea provides API, security, and cloud services to help secure enterprise AI use and development.

• Onum: Acquired in August 2025, Onum specializes in real-time telemetry pipeline management to supercharge the Falcon Next-Gen SIEM platform by streamlining data ingestion.

• Adaptive Shield: Acquired in November 2024, Adaptive Shield is a SaaS security leader, enabling unified protection against identity-based attacks across the entire cloud ecosystem.

• Flow Security: Acquired in March 2024 for $200 million, this Israeli startup focused on data security posture management (DSPM) to expand CrowdStrike’s cloud security leadership.

• Bionic.ai: Acquired in 2023, Bionic is an Israeli application security posture management (ASPM) startup.

• Reposify: Acquired in October 2022, Reposify is an external attack surface management vendor that helps reduce risk by discovering and managing internet-facing assets.

• SecureCircle: Acquired in November 2021, this SaaS-based cybersecurity service extends zero trust data protection to the endpoint without impacting user experience.

• Humio: Acquired in February 2021 for $400 million, Humio provides a log management and observability platform designed to handle high-volume, streaming data for XDR (Extended Detection and Response).

• Preempt Security: Acquired in September 2020 for $96 million, Preempt specialized in zero trust and conditional access technology to prevent identity-based attacks and insider threats.

• Payload Security: Acquired in November 2017, Payload Security developed automated malware analysis sandbox technology.

“CrowdStrike was founded in 2011 to reinvent security for the cloud era. Realizing that the nature of cybersecurity problems had changed but the solutions had not, we built our CrowdStrike Falcon platform to detect threats and stop breaches. With our Falcon platform, we created the first multi-tenant, cloud native, intelligent security solution capable of protecting workloads across on-premise, virtualized, and cloud-based environments running on a variety of endpoints such as laptops, desktops, servers, virtual machines, and Internet of Things, or IoT, devices. We offer 32 cloud modules on our Falcon platform via a SaaS model that spans multiple large security markets, including corporate endpoint security, security and IT operations, managed security services, observability, cloud security, identity protection, threat intelligence, data protection and cybersecurity generative AI.”

Source: CrowdStrike Investor Relations

Who Are SGNL

Before we can make a comment on the acquisition, let’s take a stab at understanding who SGNL are.

Founded 2021, ~60 employees according to LinkedIn and ~$42M in funding. They describe themselves as “The Continuous Identity Platform. SGNL sits at the center of your IAM architecture. It eliminates standing privilege and instantly adapts access when conditions change. Whether it’s humans or AI agents, SGNL keeps your critical systems and sensitive data secure.”

They are seemingly sitting in the complex battle ground of both identity data governance and cleanup as well as being able to handle real-time changes to context and threat.

Source: An interview with Atul Tulshibagwale CTO at SGNL for The Cyber Hut TV early 2025

They are a big supporter of the CAEP standard being developed out of the OpenID Foundation. CAEP (continuous access evaluation profile) is based on the Shared Signals Framework which aims to help with real-time interop for risk signalling. Essentially the glue to help link disparate technologies together by a shared understanding of real time contextually specific risk events. For example, being able to apply a countermeasures to an issued session if the associated device risk level alters - perhaps due to a discovered vulnerability, or detection of malware. The entire concept brings a more flux-led style of thinking to what has traditionally been a very static world for IAM - especially post authentication.

Most recently SGNL have focused on amplifying this “flux” with a continuous identity narrative.

• A Comment on Continuous Identity Architecture

• A Comment on Migrating from Static to Smart IAM

• A Comment on Dynamic Risk for Identity

What Does The Acquisition Mean for CrowdStrike?

Clearly CrowdStrike is a big machine and the acquisition in both revenue and personnel ways wont change their direction overnight. An assumption would be of re-branding and re-positioning within the existing suite of products their shift.

The official press release is interesting. There is an immediate strike out for “Identity Security”. This term has become synonymous with a range of capabilities in the past three years - many non-competing, overlapping and some ultimately quite confusing. (NB my book IAM at 2035: A Future Guide to Identity Security has come prescriptive opinions on this)

“This acquisition will accelerate CrowdStrike’s leadership in Next-Gen Identity Security, enabling access for human, non-human (NHI), and AI identities to be continuously granted and revoked based on real-time risk. With SGNL, CrowdStrike will extend dynamic authorization across SaaS and hyperscaler cloud access layers. The combination of dynamic privilege and access coupled with Falcon® platform intelligence sets a new standard for agentic identity security.”

So we can see next-gen (IE not for now) and also a nod towards NHI and AI. The release also continues on the Agentic-AI route - “AI agents operate with superhuman speed and access, making every agent a privileged identity that must be protected,” said George Kurtz, CEO and founder of CrowdStrike. “With SGNL, CrowdStrike will deliver continuous, real-time access control… This is identity security built for the AI era.”

Whilst this is true, it perhaps indicates that CrowdStrike couldn’t do this already with their existing feature set.

CrowdStrike already have a strong bread of features though - covering both the endpoint, threat intelligence and ITDR worlds - so where do they see SGNL fitting in?

“SGNL is the runtime access enforcement layer between modern identity providers and the SaaS and hyperscaler resources that people, NHIs, and AI agents access. Powered by real-time Falcon platform intelligence and risk signals, SGNL will continuously evaluate identity, device, and behavior to dynamically grant, deny, or revoke access as conditions change, eliminating standing privilege access across every identity and environment.”

This is a nice quote, as it aligns strategically with that they have, what they are getting and where they want to go to . They will take what they have (intel) fire that as signals into SGNL, and ultimately protect all identity types.

That is a strong story and is clear to articulate and wrap into existing IAM infrastructure components such as identity providers and identity governance products that are often quite static in their design.

What Does The Acquisition Indicate for the Identity Security Market?

$740M (whilst not mentioned in the official press release was mentioned by CNBC) for a company ~5 years old is quite good going. As SGNL is private, revenue numbers are not known, but with ~60 employees it is unlikely to generating close to $100M which would indicate a sale multiplier of over 10x. That is all guess-work, so let’s park that for now, but the acquisition shows that identity security is clearly in vogue.

We have also seen numerous exists in areas such as ITDR in recent months for organisations also under 5 years old. Clearly getting a company early without necessarily a proven sales history is a risk - but the counterpoint is often excellent technology and smart people a lower cost. If the $740M is true, that is not necessarily the case with SGNL, as that is a material amount of cash.

So what does that indicate? SGNL have good technology and people, as as well a strong pipeline? It also of course prevents competitors acquiring SGNL. This is not to be discounted. Larger and more traditional technology players by design struggle to innovate and add new features to existing platforms. It is simpler to just acquire. Ping Identity, Okta and Sailpoint are simple examples and there are many.

So who are CrowdStrike’s main competitors? This is where things get messy.

An AI search on this would simply through up something like:

Key Competitors by Category:

• Endpoint & XDR Platforms: SentinelOne, Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, Sophos, Trend Micro, Cisco Secure Endpoint, BlackBerry Cylance, VMware Carbon Black.

• Cloud Security: Wiz, Sysdig, Palo Alto Networks Prisma Cloud, Orca Security, Trend Micro.

• Managed Detection & Response (MDR): Arctic Wolf, Rapid7, Sophos MDR, Expel, Red Canary.

• Broad Security Suites: Microsoft, Palo Alto Networks, Fortinet, IBM, Google (Chronicle).

A very broad and complex set of go to market stories. Some overlapping for sure, some not so much. The one’s I will comment on are Cisco and Sophos. Why? Well historically they would certainly not be put in the IAM camp. However Cisco (with their acquisition of Oort a few years back and Duo Security before that) have certainly added more “identity” related concepts to their narrative since 2022.

Sophos? Well the age-old anti-virus folks also recently launched an ITDR offering, looking to gain a foothold in the growing identity security budget-release bandwagon. Quite a curve-ball.

As data centers become cloud, firewall budgets turn into SASE, zero trust and SDN and endpoints become entry-points, budgets, control planes and success metrics alter.

The one consistent factor: Identity.

I would imagine however, that many of the above competitors (and CrowdStrike included) are much more likely to be aiming their new identity-centric view of the world to their existing customer base. They want to keep existing customers happy. It’s much more costly, time consuming and unpredictable to constantly go after net-new logos. Cross-selling onto new products (perhaps for a low intial cost) will keep them sticky, show feature “innovation” and keep startups at bay from competitive moves. This is critical, especially for a public company.

Identity Security is hot. There is no question. Congratulations to team at SGNL. I imagine there will be several more exits in the ITDR, ISPM and NHI markets for several vendors in the Series A-B camp by December.

Book Inquiry Consultation

About The Author

Simon Moffatt has nearly 25 years experience in IAM, cyber and identity security. He is founder of The Cyber Hut - a specialist research and advisory firm based out of the UK. He is author of CIAM Design Fundamentals and IAM at 2035: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.