CRWD acquires startup SGNL

Hey Fools,

I didn’t see CrowdStrike (CRWD) and wanted to add it. I lead corporate cybersecurity teams (CISO) and wanted to provide my professional feedback on this, given my experience with CRWD across various companies and its implications. I think it’s a great move by CRWD and doesn’t put a big dent in their cash. I can easily see cybersecurity leaders baking this into future budget forecasts. Historically, CRWD has been great at detecting malicious behavior but has relied on integrations with other tools to fully revoke access. This deal gives Falcon the ability to say, “Given who you are and what’s happening, what can you do right now, and should we cut you off instantly?” It also enables automatic removal of access for related accounts and sessions across SaaS and cloud systems, not just at the identity provider.

This makes life much easier for cyber teams and adds another lever for CRWD to keep growing ARR. I’m curious how many of SGNL’s customers use CRWD. Think of it this way:

Before SGNL:
Okta (OKTA) → Zscaler (ZS) → CrowdStrike (detects threat) → alerts other teams/tools → manual or slower access revocation

After SGNL:
OKTA → ZS → CRWD (detects threat) → SGNL → instantly revokes access across apps, cloud, and other systems

To be clear, this isn’t replacing Okta, Microsoft Entra ID, or other authentication tools. It’s a bolt‑on in front of them that consolidates part of the identity/privileged access toolset while leveraging CRWD’s telemetry (reviews activity logs and signals to understand behavior) to drive real‑time action. It’s a small expansion deeper into the identity security layer, but more of a necessary value‑add to CRWD’s core EDR (endpoint detection and response) and identity modules than a brand‑new business line. At the same time, it lays important groundwork for Falcon’s “agentic AI” roadmap, where AI agents and non‑human identities can be automatically shut down based on behavior, not just static rules.

Conceptually, CRWD is moving closer to zero‑trust style, continuous verification and enforcement, which overlaps some of what ZS does on the network side, but today it looks more like a complementary partnership opportunity than a replacement. While these three aren’t the only players, they’re good reference points. If you’re interested, it’s worth looking at their respective competitors in endpoint/identity (CRWD, S, etc.), zero‑trust networking (ZS, FTNT, etc.), and identity/SSO (OKTA, MSFT, etc.) and comparing how each stack is evolving toward consolidation.
