SentinelOne acquires Attivo Networks for $617M

SentinelOne is acquiring Attivo Networks for a $616.5 million price tag and plans to merge the company's identity threat detection services with its XDR offering.

After one of the largest initial public offerings in the cybersecurity industry, SentinelOne Inc. will expand once again -- this time into the identity and access management space.

In a blog post Tuesday, the endpoint security vendor announced that it has reached a definitive agreement to acquire Attivo Networks, an identity security company based in Fremont, Calif. The move would add identity threat detection to SentinelOne's current extended detection and response (XDR) offerings, as Attivo focuses on securing Active Directory (AD) and cloud environments.

The announcement comes nearly nine months after SentinelOne raised more than $1 billion in its IPO, with the goal of further expanding its endpoint detection platform into XDR.

With threat actors increasingly compromising credentials and admin privileges, gaining visibility into services like AD has grown in importance. One recent example involved the malware that ESET referred to as HermeticWiper. While examining a new wormable component of the malware, which targeted Ukrainian organizations, researchers discovered indications that the attackers may have gained control of AD.

In the blog post, SentinelOne highlighted Attivo's identity assessment tool, which monitors suspicious passwords and account changes, as well as credential exposures and unauthorized access. The identity vendor, which was founded in 2011, currently has more than 300 global customers, according to the blog.

"Identity fuses together all enterprise assets, and I see identity threat detection and response as an integral part of our XDR vision. Attivo Networks is the right technology and team to advance our portfolio, complementing our hypergrowth and accelerating zero trust adoption," SentinelOne CEO Tomer Weingarten said in the blog.

Jon Oltsik, analyst at Enterprise Strategy Group, a division of TechTarget, said one of the gaps ESG discovered in its initial XDR research in 2020 was identity visibility. Organizations were seeking to better understand user behavior and behavioral anomalies, he said, so that they could detect threats and correlate identity behavior to other things happening on their networks.

"This acquisition gives SentinelOne identity visibility and analytics that can help in this area. I also like the deception capabilities which add a degree of threat prevention and internal threat intelligence to XDR," Oltsik said in an email to SearchSecurity.

Attivo initially focused on deception technology, which is designed to protect enterprises by presenting decoy environments and honeypots to threat actors scanning customer environments. David Holmes, senior analyst at Forrester Research, said Attivo's identity protection offerings were what drew interest from SentinelOne.

"Attivo was a darling of deception technology, but SentinelOne was really after their Active Directory protection portfolio, including ADAssessor and ADSecure," Holmes said. "What acquisitions like this one ultimately mean for security and risk decision-makers is that they can pivot from deploying a standalone deception tech product and start evaluating how deception gets paired with one or two key tactical domains like identity."
