MSP, Mergers and Acquisitions

CrowdStrike Acquisition Strategy With Seraphic Security, SGNL Signals Broader Platform Push

Cybersecurity vendor CrowdStrike is starting 2026 by quickly acquiring two IT security businesses, Seraphic Security and SGNL, to continue its mission of building what it calls a unified next-gen security strategy aimed at helping customers better protect their business operations.

Under the acquisitions, CrowdStrike will integrate Seraphic Security’s web browser-native runtime protection and SGNL’s continuous identity and authorization platform into its AI-native CrowdStrike Falcon endpoint detection and response and threat intelligence cybersecurity platform. The price tags of both deals, which are expected to close in CrowdStrike’s first quarter of 2027, were not released.

Both transactions follow two deals that CrowdStrike made in 2025, when it acquired AI-enabled detection and response vendor Pangea last September and real-time telemetry pipeline management vendor Onum last August.

Daniel Bernard, CrowdStrike’s chief business officer, told ChannelE2E that the acquisitions reflect where security is going and where the customers of its channel partners are already operating.

“The attack surface has moved to the browser and security has to follow,” Bernard said of the Seraphic Security deal. “The browser is now a primary access point to the enterprise. It is where SaaS, cloud apps, contractors, third parties, and increasingly AI agents interact with sensitive data. If the browser is the front door, it is also the most targeted one.”

The SGNL acquisition is just as important, he said, because identity-based attacks are also a constant threat for businesses.

“Static access controls break down once a session is live,” said Bernard. “Authorization at login is not enough when risk changes every second. That is the gap we are addressing, without forcing organizations to choose between security and productivity. With SGNL, CrowdStrike is redefining modern authorization. With Seraphic, we extend that model with real-time enforcement where it matters most: inside the browser session.”

Giving MSPs and Other Channel Partners Powerful, Integrated Tools

“This is not acquisition for acquisition’s sake,” said Bernard. “Platform expansion only matters if it changes outcomes. We are deliberately extending the Falcon platform to cover the full attack surface, including endpoint, identity, cloud, data, AI, and now the web. Fragmented tools create fragmented defense, and this is what and where adversaries exploit.”

Ultimately, the best security tools should protect users however they work and not force them to work around security, he said.

“We secure the browsers they already use, including Chrome, Edge, Safari, and emerging agentic browsers, all from the Falcon platform in a single console alongside endpoint, identity, and cloud security,” said Bernard. “If security adds friction, users will route around it. Our goal is to let customers adopt SaaS and generative AI faster, not slower.”

CrowdStrike Is ‘Addressing a Clear Gap,’ Analyst Says

Chirag Mehta, vice president and principal analyst at Constellation Research, told ChannelE2E that he views CrowdStrike’s approach as a direct way to “make the browser a first-class security control point, not just an endpoint artifact. In modern enterprises, the browser has effectively become where work happens, spanning SaaS apps, identity workflows, data sharing, and now AI tools and agentic browsers.”

Across the business world, “many security stacks still treat the browser as a visibility blind spot, even though it is one of the most abused surfaces for credential theft, session hijacking, extension-based abuse, and data leakage,” said Mehta. “CrowdStrike is addressing a clear gap.”

The latest acquisitions by the company are not just consolidation for scale, he said.

“It is platform expansion into the runtime layer where identity, data, and user actions intersect,” said Mehta. “By combining Seraphic’s in-session browser telemetry and enforcement with Falcon’s endpoint signals and their planned SGNL continuous authorization approach, CrowdStrike is moving toward real-time, context-aware access decisions inside the session, not only at login time or on the device boundary.”

These are the kinds of features that IT customers and buyers are looking for from their channel partners and vendors, he said.

Another analyst, Rob Enderle, principal analyst for Enderle Group, told ChannelE2E that CrowdStrike has “clearly determined that securing the desktop is not enough and, given how much work is being done in browsers, they are aggressively moving to secure those as well.”

Enderle said he sees the acquisition moves as typical industry consolidation, but with a focus on platformization to better compete with companies like Microsoft and Palo Alto Networks, which acquired Talon Cyber Security.

“The good is they provide the one throat to choke that customers prefer, but the bad is this will decrease innovation, and with increasing threats that might reduce the ability to defend against them,” said Enderle. “In addition, this could create a single point of failure, so if CrowdStrike has a failure it would be far more catastrophic given the wider breadth of coverage, and CrowdStrike has had [security] issues.”

Todd R. Weiss

Todd R. Weiss is a contributing editor to ChannelE2E and MSSP Alert. He is an award-winning technology journalist and freelance writer who covers the full range of B2B IT topics. He served as managing editor at EnterpriseAI.news and was a staff writer for Computerworld and eWeek.com. He is a diehard Philadelphia Phillies, Eagles, Flyers and Sixers fan and says he is the world’s worst golfer.

Related Events

You can skip this ad in 5 seconds