Preempt Security
Last updated: May 10, 2026
Preempt Security was an Israeli identity security startup acquired by CrowdStrike in 2020 that developed a conditional access and identity threat prevention platform enabling organizations to detect and prevent identity-based attacks including lateral movement, privilege escalation, credential theft, and Active Directory exploitation in real time through behavioral analytics and risk-based access controls.
Visit WebsiteCompany Overview
Preempt Security built an identity-centric security platform that analyzed user and entity behavior in real time to detect and prevent identity-based attacks—including compromised credentials, lateral movement, privilege escalation, and Active Directory exploitation—before they could cause damage. The platform provided conditional access controls that dynamically adjusted authentication requirements based on risk context, enabling step-up authentication or access blocking when suspicious identity behavior was detected.
Commercially, Preempt competed in the emerging identity threat detection and response (ITDR) market alongside Silverfort, Illusive Networks, and Attivo Networks. Founded in 2014 in Ramat Gan, Israel by Roman Blachman (CTO, former IDF Unit 8200) and Ajit Sancheti (CEO), the company raised $18M from investors including DTCP (Deutsche Telekom Capital Partners), Menlo Ventures, and ClearSky Security. In September 2020, CrowdStrike acquired Preempt Security for approximately $96M, integrating its identity protection capabilities into the Falcon platform.
From a defense and national security perspective, identity-based attacks are the primary vector for advanced persistent threats targeting military and government networks. The ability to detect compromised credentials, prevent lateral movement through Active Directory, and enforce conditional access based on real-time risk assessment directly addresses defense cyber operations requirements.
Dual-Use Assessment
Identity threat detection and conditional access prevention directly addresses military and government network defense against credential-based attacks, lateral movement, and Active Directory exploitation—the primary vectors for nation-state adversaries. Commercial ITDR solutions are inherently dual-use: identical techniques detect both insider threats and external attackers. Real-time conditional access enforcement prevents both commodity ransomware lateral movement and APT lateral movement, with the latter being a primary defense concern. The ability to visualize and block Active Directory attack paths is mission-critical for military networks defending against China's APT groups and Russia's sophisticated lateral movement tradecraft. Identity-based defense directly aligns with NATO cyber doctrine emphasizing network hardening and adversary dwell-time reduction.
Strategic Fit Assessment
Preempt was acquired by CrowdStrike in 2020 for approximately $96M, validating the identity threat prevention approach and demonstrating strong M&A exit outcomes. The $18M Series A funding from institutional investors (DTCP/Deutsche Telekom Capital, Menlo Ventures, ClearSky Security) reflected confidence in the identity security thesis during 2014-2020. Technology now integrated as core component of CrowdStrike Falcon Identity Protection, deployed globally across government, military, and enterprise customers. While the company is no longer an independent company for direct diligence post-acquisition, the successful exit validates identity-first security architectures as strategic imperatives for endpoint and cloud security platforms.
Strategic Value to U.S.-Israel Alliance
Identity-based attacks are the dominant vector for advanced persistent threats (APTs) against military, government, and critical infrastructure networks. Preempt's technology addresses critical defense cybersecurity gaps in real-time threat detection, adversary dwell-time reduction, and lateral movement blocking. The integration into CrowdStrike Falcon provides standardized identity protection globally, enabling allied nations and NATO partners to defend against sophisticated adversaries (China, Russia, Iran) using identity-based lateral movement. The technology's strategic value increases as defenders recognize that endpoint security without identity security leaves networks vulnerable to APT post-breach lateral movement.
Key Technologies
- Real-time behavioral analytics for user and entity identity threat detection
- Dynamic conditional access enforcement based on contextual risk scoring
- Active Directory attack path mapping and blocking in real time
- Lateral movement and privilege escalation pattern detection
- Anomaly-based authentication challenge and step-up re-authentication
- Lateral movement blocking across network segments using identity context
- Credential compromise detection and automatic access revocation
Use Cases & Applications
- Enterprise identity threat detection and real-time prevention for SOC teams
- Active Directory attack path mapping and real-time blocking for legacy network defense
- Conditional access enforcement based on behavior anomalies and risk scoring
- Compromised credential detection with automatic access revocation
- Military and government network identity-based threat prevention against APTs
- Critical infrastructure identity protection preventing lateral movement in power grids and SCADA
- Post-breach forensics through identity-based attack chain reconstruction
- Insider threat detection through behavioral deviation analysis
Sources and verification
This profile is based on public-source research, Claw & Talon curation, and editorial judgment. Inclusion does not imply endorsement, partnership, investment, or a recommendation to transact. Readers should still confirm current status, customers, funding, and product claims before relying on this profile.
Public sources
The links below are visible public references used for source discipline around company identity, status, funding, customer, acquisition, public-company, or other material claims where available.
- Official website Primary public reference for company identity, positioning, and current web presence.
- Profile update timestamp Last updated in the Claw & Talon database on May 10, 2026.
Investor Lens
What this entry is
Acquired asset
Why it may matter
Preempt Security may matter as a Cybersecurity entry with not currently an investable standalone company for Israeli technology research.
How an independent investor should read this
Not currently an investable standalone company. Read this profile as a starting point for independent verification, not as a recommendation or suitability assessment.
Evidence to verify
- Verify current status
- Verify technical claims
- Verify regulatory/export-control issues
Main investor questions
- Is this entry a benchmark, buyer, ecosystem node, acquired asset, or strategic reference rather than a live startup opportunity?
- What does this reference clarify about buyers, sector structure, public-market context, or strategic demand?
- Does the dual-use claim map to actual commercial and government/defense/resilience buyer evidence?
- What evidence would change the thesis or show that the profile is stale?
What not to infer
- Inclusion does not imply endorsement.
- Inclusion does not imply allocation availability or current fundraising.
- Scores do not indicate investment suitability or expected returns.
- Strategic importance does not automatically imply venture return potential.
Diligence questions
- What evidence verifies Preempt Security's current customer traction, deployment status, and revenue concentration?
- Which technical claims are independently demonstrable today, and which remain roadmap or pilot-stage assertions?
- Where does the product create real defense, intelligence, critical-infrastructure, or emergency-response value beyond ordinary commercial adoption?
- How does the platform integrate into existing SOC, cloud, identity, or compliance workflows without adding operational burden?
- Is the company a live venture opportunity, a mature strategic reference, an acquired asset, or primarily a market-mapping entry?
Related sector
See the Cybersecurity sector page for market context, related subcategories, and other Israeli companies in this part of the database.
Related companies
Need a diligence readout?
Use the profile and related checklists as a starting point. If the decision needs more context, request a company screen, founder-call prep, diligence memo, or sector readout.