CrowdStrike Holdings Inc. today announced plans to acquire startup SGNL Inc., which helps companies block unauthorized access to their systems.

The transaction is worth $740 million. CrowdStrike, which intends to finance the deal with a combination of cash and stock, expects to close it by the end of April.

In many cases, employees with access to sensitive systems can log into those systems around the clock. That creates cybersecurity risks. If hackers take over an employee account with unconstrained access to an important database, they can download its contents relatively easily.

Palo Alto, California-based SGNL provides a platform that mitigates such risks. The software enables companies to implement so-called just-in-time, or JIT, access policies for employee accounts. When a JIT policy is enabled, workers with permission to use a sensitive system can only access that system for limited periods of time. That narrows the window in which hackers can launch cyberattacks.

SGNL only allows users to access a system when specific conditions are met. For example, a company could specify that administrators may only download a server’s error logs if they need them to troubleshoot an ongoing outage. It’s also possible to enforce several different access requirements side-by-side.

When a system grants a user access, that access usually lasts until the end of the login session. SGNL takes a different approach. It uses an open-source technology called CAEP to continuously collect cybersecurity data about login sessions. If the platform detects a potential risk, it can end the affected session early or require the user to re-authenticate before proceeding.

SGNL says its platform lends itself to protecting not only employee accounts but also artificial intelligence agents. The software can monitor how an AI agent interacts with MCP servers, software modules that provide access to external applications. SGNL can detect when an agent attempts to perform a risky action in an external application or share sensitive data.

According to the company, its platform also creates an inventory of all the MCP servers in an organization’s network. That visibility enables administrators to detect potentially insecure software that might expose AI agents to risks.

After the acquisition closes, CrowdStrike will integrate SGNL’s technology with its Falcon cybersecurity platform. Falcon collects a significant amount of telemetry about the systems it protects. The plan is to use that data to improve SGNL’s CAEP-powered access management engine. For example, the engine could use information that Falcon collects about an employee’s device to determine whether a login session should be ended early.

CrowdStrike also expects the deal to facilitate other product enhancements.

Like SGNL, Falcon includes features that use CAEP to determine when user sessions should be ended. Those features mainly focus on protecting employee accounts that companies manage with Active Directory and Entra ID. SGNL’s technology will enable CrowdStrike to roll out better support for public cloud platforms such as Amazon Web Services and software-as-a-service platforms.

Photo: CrowdStrike