CrowdStrike expands portfolio with acquisition of SGNL

CrowdStrike has announced the acquisition of SGNL, an American startup that develops technology for just-in-time access to IT systems. 

With the acquisition, valued at $740 million, CrowdStrike aims to expand its identity security offering, particularly in cloud environments and AI-driven workloads. The transaction will be financed with a combination of cash and shares. The parties aim to complete the acquisition by the end of April, subject to regulatory approval.

According to SiliconANGLE, the acquisition is part of a broader shift within cybersecurity, in which identities are playing an increasingly central role. Security is no longer focused exclusively on endpoints and networks, but increasingly on users, services, and software components that have access to data and systems. This includes not only human accounts, but also non-human identities such as workloads, services, and AI agents.

CrowdStrike points out that this group of identities is particularly difficult to protect with traditional access models. In many organizations, users and systems retain permanent access to sensitive environments, even when that access is not actively needed. If such an account is misused, an attacker can relatively easily cause damage or steal data.

Just-in-time access policy

SGNL, based in Palo Alto, California, focuses on reducing that risk. The platform makes it possible to enforce just-in-time access policies, whereby access is granted only temporarily and only when predefined conditions are met. This could mean, for example, that an administrator has access to certain log files only during an active malfunction, or that multiple contextual requirements must be met simultaneously.

A distinctive feature is that access does not automatically remain valid until the end of a session. SGNL uses the Continuous Access Evaluation Protocol (CAEP) to continuously evaluate sessions. This takes into account signals about context and behavior. If the risk increases, a session can be terminated prematurely or additional authentication can be enforced.

According to SGNL, the technology is also suitable for securing AI agents. These often communicate with external applications via so-called MCP servers, which act as a link between AI models and other software. The platform can detect anomalous or risky behavior and intervene when an agent attempts to share sensitive data or performs unexpected actions, according to SiliconANGLE.

In addition, SGNL builds an overview of MCP servers within an organization. This gives administrators insight into which links exist and helps detect potentially unsafe or poorly managed integrations.

Upon completion of the acquisition, CrowdStrike plans to integrate SGNL’s technology into its Falcon platform. That platform already collects extensive telemetry on endpoints, identities, and cloud environments. By linking that data to CAEP-driven access control, the system can, for example, terminate sessions based on a device’s security status or unusual behavior.

CrowdStrike already has capabilities to dynamically manage user sessions in environments with Active Directory and Entra ID. With SGNL, those capabilities will be extended to public cloud platforms such as Amazon Web Services and to SaaS environments, where identity management is often fragmented.