SentinelOne snapped up Attivo Networks in a $616.5 million deal to bring identity-based threat protection to its extended detection and response (XDR) platform.
The acquisition will “enable us to provide cybersecurity in one of the most critical and dynamic parts of enterprise security today: the identity parameter,” and address the $4 billion and growing identity security market, SentinelOne CEO and co-founder Tomer Weingarten said during a recent earnings call. “With Attivo’s user-centric identity capabilities, we will be able to support an even more comprehensive zero-trust framework.”
“Identity threat detection and response is the missing link in holistic XDR and zero trust strategies,” echoed SentinelOne COO Nicholas Warner in a statement.
Weingarten touted Attivo’s platform as being adopted by over 300 customers including some Fortune 500 companies and government entities.
The platform features agent-based identity protection, identity infrastructure assessment, identity-based vulnerability scanning and management for enterprise infrastructure, and deception services, according to Weingarten.
“Attivo was a darling of deception technology, but SentinelOne was really after its Active Directory protection portfolio, including ADAssessor and ADSecure,” Forrester senior research analyst David Holmes wrote in a blog post. “Enterprise identity plays a critical role in the zero-trust world mandated by the Biden executive order and recently road mapped by the Cybersecurity and Infrastructure Security Agency and the US Office of Management and Budget.”
The Attivo acquisition is expected to close in SentinelOne’s fiscal second quarter of 2023.
SentinelOne isn’t the only XDR vendor going after the identity protection market. CrowdStrike also recently boasted of its success with identity protection and integrated its Falcon Identity Threat Protection module with the Falcon Complete managed endpoint security service. The vendor also acquired Preempt for a reported $96 million in 2020 to boost its zero-trust capabilities.
Is Standalone Deception Tech Fading Out?
Deception technology, “while super cool, was never able to achieve escape velocity on its own, and many of its shining stars are disappearing into portfolios of larger vendors,” Holmes noted.
One example is Zscaler’s Smokescreen buy last year. The vendor sold the tech as Zscaler Deception, but Holmes expects the vendor will integrate the platform into Zscaler Private Access and Zscaler Internet Access before long.
For deception-tech startups, the acquisition and valuation of Attivo may give them hope of moving from standalone tech to pairing with a more mainstream security technology such as identity, endpoint, or network security, he explained.
And for security and risk decision-makers, these acquisitions mean “they can pivot from deploying a stand-alone deception tech product and start evaluating how deception gets paired with one or two key tactical domains such as identity,” he added.
UPDATE: This story has been updated to clarify comments on CrowdStrike’s Preempt acquisition.