If you are watching the cybersecurity ticker tape today, the headline is clear: CrowdStrike (CRWD) has acquired SGNL. But if you look past the press release, you’ll see a much larger narrative unfolding: a distinct game of "Follow the Leader" playing out between the titans of our industry, CrowdStrike and Palo Alto Networks.
With Palo Alto Networks’ massive acquisition of CyberArk previously setting the stage, CrowdStrike’s move today to snap up SGNL confirms a central thesis: Identity has become the primary control plane for modern defense.
As an expert in data-centric security, I find this consolidation fascinating, not just for what it solves, but for the massive gap it leaves wide open. Let’s unpack the strategy, the differences, and why a "better perimeter" and "stronger identity" still aren't enough to protect what actually matters: your data.
Both Palo Alto Networks and CrowdStrike are aggressively pursuing platform consolidation. The thesis is simple: The C-suite wants fewer vendors and tighter integration. By folding identity capabilities into their respective security clouds, both vendors are promising to close the gap between threat detection and access privileges.
Both deals are explicitly "Identity-First." They recognize that in an era of AI agents and non-human identities, the old-school firewall is dying, or already dead. The new perimeter is the login prompt (and the API key). This is true for both human and machine identities.
While the strategic goal is identical—control the identity plane—the tactical execution differs significantly in scale and product breadth.
While these acquisitions are smart business moves, they suffer from the same philosophical flaw that has plagued our industry for two decades: Both the PAN/CyberArk and CRWD/SGNL combinations are fundamentally defensive, perimeter-centric controls.
They are building higher walls and smarter gates. They are designed to answer one question: Should this user be allowed inside the domain?
But here is the uncomfortable truth: The data doesn't stay in the domain.
In the modern enterprise, sensitive data is designed to travel. It moves via email, lands in collaboration tools, is shared with third-party vendors, and is ingested by AI models.
The moment an authorized user (or a compromised identity that has bypassed SGNL or CyberArk’s checks) exports that file, the security provided by these platforms evaporates. They protect the container and the door, but not the asset itself.
The Future is Data-Centric and Offense-Focused
We need to stop pretending that securing the identity is the same as securing the data.
The future of security is not just about keeping intruders out (defensive security); it is about maintaining control of your data even when it is shared into the wild (offensive security).
This is where Data-Centric Security enters the conversation. True security requires that protection and policy are wrapped around the data object itself, regardless of storage, network, or identity provider.
At Virtru, we are championing this shift through open standards like the Trusted Data Format (TDF). Unlike the platforms offered by PAN or CRWD, TDF allows organizations to:
CrowdStrike's acquisition of SGNL is a win for identity hygiene and a smart counter-move to Palo Alto. It will undoubtedly make it harder for hackers to escalate privileges.
But let’s not confuse identity security with data security.
While the giants fight over who controls the door, the smartest organizations are focusing on the data that’s walking out of it. By integrating Virtru’s data-centric controls on top of these identity platforms, you move from a defensive posture to a position of absolute sovereignty over your data — wherever it goes.