Highlights:

  • Zilla helps enterprises enforce separation of duties, a cybersecurity practice that minimizes breach risks by restricting user actions in applications.
  • The company will offer Zilla’s key features as two standalone products: Zilla Comply and Zilla Provisioning.

CyberArk Software Ltd. has acquired Zilla Security Inc., a startup specializing in enterprise employee access management for internal applications.

The companies announced the acquisition recently, with CyberArk, a publicly traded cybersecurity firm, agreeing to pay USD 165 million in cash, plus an additional USD 10 million contingent on performance milestones. Zilla had previously secured approximately USD 17 million in investor funding.

To comply with cybersecurity regulations like HIPAA, companies must conduct user access reviews—assessments that identify employee accounts with excessive data access. For instance, a bank may need to ensure that a sensitive transaction database is only accessible to employees who require it for their roles.

Zilla offers a platform designed to simplify user access reviews. It enables companies to supply reviewers with detailed insights into which employee accounts have access to specific systems. Additionally, Zilla logs reviewer activity, making it easier to detect and correct errors.

Another key feature of Zilla’s platform simplifies managing employee access permissions. It automatically grants new hires the necessary application access and, according to the company, can also revoke permissions when employees leave or change roles.

Zilla claims its platform helps enterprises enforce separation of duties, a cybersecurity best practice that minimizes breach risks by restricting user actions within applications.

For instance, an employee authorized to edit a sensitive database cannot access the logs tracking those edits. Zilla analyzes user accounts across a company’s network to ensure proper implementation of separation of duties.

In addition to managing account access, the platform detects hacker attempts to exploit permissions. Zilla claims its algorithms identify threats like unauthorized admin account creation and uncover potential vulnerabilities, such as inactive employee accounts with access to sensitive systems.

CyberArk plans to integrate Zilla’s technology into its product lineup, which primarily includes software for secure employee access to business applications. Its tools handle tasks like processing login requests, storing passwords, and offering an enterprise browser that safeguards users from threats like malicious extensions.

CyberArk will offer Zilla’s key features as two standalone products: Zilla Comply and Zilla Provisioning. Zilla Comply simplifies user access reviews for regulatory compliance, while Zilla Provisioning enables centralized management of employee access permissions.

The acquisition follows CyberArk’s previous startup purchase less than a year ago. In May, the company signed a USD 1.54 billion deal to acquire Venafi Inc., a cybersecurity firm specializing in tools that help safeguard developers’ code from tampering.