CrowdStrike to buy startup Adaptive Shield to bolster SaaS security

CrowdStrike has entered into an agreement to acquire SaaS security leader Adaptive Shield. This acquisition, announced at the inaugural Fal.Con Europe, will propel CrowdStrike to become the only cybersecurity vendor to provide full protection against identity-based attacks across the modern cloud ecosystem — from on-premises Active Directory to cloud-based identity providers and the growing landscape of SaaS applications — through a single unified platform.

With organizations quickly growing their cloud footprints, the need for robust defence spanning hybrid cloud environments has never been greater. SaaS is projected to be the largest category of cloud computing in 2024, capturing more than 40% of all public cloud spending.

Adversaries are taking aim at this rapidly growing attack surface and often using identity-based attack techniques to do it. Cloud intrusions were up 75% last year, the CrowdStrike 2024 Global Threat Report found, and 75% of attacks used to gain initial access were malware-free. As SaaS adoption continues to grow, the introduction of new applications drives complexity and heightens the risk of misconfigurations across human and non-human accounts that create openings for cyberattacks.

“Adaptive Shield delivers the industry’s most complete security posture management and threat protection across SaaS identities, misconfigurations and data to stop SaaS breaches. With Adaptive Shield integrated into the CrowdStrike Falcon cybersecurity platform, we will provide the most advanced capabilities to stop identity-based attacks across all aspects of modern hybrid cloud environments,” said CrowdStrike in a blogpost.

Adaptive Shield empowers customers with comprehensive SaaS security posture management (SSPM). Its technology provides full visibility into, and governance of, human and non-human identities and their permissions, entitlements, activity levels and public data across 150+ business-critical SaaS applications to strengthen identity security posture. Beyond identities, it also provides visibility into misconfigurations and other risks affecting SaaS applications so organizations can better manage these issues and detect and respond to threats.

This visibility, achieved through an agentless deployment, is essential to strengthening SaaS security posture. Security teams can use the platform to collaborate with application owners and offer guidance to address security issues. Within three to four months, organizations implementing Adaptive Shield have reported an improvement from 20% visibility to 85% visibility into their SaaS security posture — a 300% increase.

Generative AI security is also core to Adaptive Shield’s capabilities. The growing use of GenAI introduces new risks including data leakage, attack surface expansion and privacy concerns. SSPM solutions alert users of GenAI SaaS applications to security issues and provide detailed remediation steps so the application owner and security team can collaborate to resolve them.

Adaptive Shield’s technology, when integrated with the CrowdStrike Falcon platform, will deliver compelling value to organizations by proactively detecting and preventing modern cross-domain attacks spanning endpoint, cloud and SaaS applications.

CrowdStrike is the pioneer of cloud-native cybersecurity. “We were born in the cloud to defend the cloud — and we are consistently recognized for our industry-leading cloud security strategy. Our acquisition of Adaptive Shield takes us another step forward in giving our customers the best possible protection against modern cyberattacks with the Falcon platform,” it said.

“Adaptive Shield is an essential piece of our cloud security vision. It provides organizations with granular visibility into their growing cloud environments, enables them to manage and secure their SaaS security posture and their human and non-human identities, and helps them detect and prevent identity-centric, cloud-focused cyberattacks,” mentioned CrowdStrike.

Earlier this year, CrowdStrike acquired Flow Security. This enables CrowdStrike to offer its customers protection of their data at rest and in motion as it flows through the cloud, on-premises and within applications. Just over one year ago, CrowdStrike acquired Bionic, the pioneer of application security posture management, which allows it to offer the most comprehensive cloud-native application protection platform (CNAPP) in the industry today.