SailPoint integrates with CrowdStrike Falcon

SailPoint integrated its Identity Security Cloud with the CrowdStrike Falcon platform to enable shared data and automated workflows intended to improve visibility and response to identity-based threats.

The companies described the work as linking identity governance and threat detection so identity and security systems could exchange data and coordinate automated actions to address identity-based threats.

The integrations connected SailPoint’s identity governance capabilities with Falcon components named in the release, including Falcon Next-Gen Identity Security, Falcon Next-Gen Security Information and Event Management (SIEM), and Falcon Fusion Security Orchestration Automation Response (SOAR), now part of CrowdStrike Charlotte Artificial Intelligence (AI).

The technical scope allowed customers to apply CrowdStrike identity risk insights within SailPoint to inform dynamic, risk-based access decisions; ingest SailPoint identity data into Falcon Next-Gen SIEM to correlate identity events and access patterns with real-time threat activity; and leverage Falcon Fusion SOAR to trigger SailPoint remediation actions such as disabling accounts or revoking access.

“Adding identity context to Security Operations Center workflows helps security teams understand not only what is happening, but who is involved and what access may be affected,” said Chandra Gnanasambandam, EVP of Product and CTO at SailPoint. “Through integrations with the CrowdStrike Falcon platform, SailPoint customers can connect identity and threat data to support faster, more informed security decisions.”

The release stated the integrations were intended to bring identity and threat data together across the two platforms to support combined visibility and automated response capabilities going forward.