Extended detection and response (XDR) services supplier SentinelOne is to buy identity threat detection and response (ITDR) specialist Attivo Networks in a $616.5m (£471m/€560m) cash and stock deal, claiming that the acquisition will expand its addressable market by $4bn.
The addition of ITDR elements to SentinelOne’s portfolio will extend the capabilities of its existing Singularity XDR to cover identity-based threats arising on endpoints, internet-of-things (IoT) devices, mobiles, or within cloud workloads, it said, ultimately accelerating the adoption of zero-trust strategies among its customers.
It expands an existing partnership between the two – some of Attivo’s products having been available on SentinelOne’s Singularity XDR Marketplace application ecosystem since December 2021.
The firm cited recent Gartner research that suggests misused credentials are now among the top techniques used in breaches, with attackers targeting gaps in their victims’ identity and access management (IAM) strategies to gain a foothold in trusted environments, and move laterally to compromise higher-value targets.
“The shift to hybrid work and increased cloud adoption has established identity as the new perimeter, highlighting the importance of visibility into user activity,” said SentinelOne COO Nicholas Warner. “ITDR is the missing link in holistic XDR and zero-trust strategies.
“Our Attivo acquisition is a natural platform progression for protecting organisations from threats at every stage of the attack lifecycle.”
Tushar Kothari, CEO of Attivo Networks, said: “Attivo’s solutions are a perfect complement, as an XDR with identity protection significantly improves organisational security posture. As the threat landscape evolves, identity remains the central nervous system of the enterprise. Combined with the power of SentinelOne’s autonomous XDR, we’ll bring real-time identity threat detection and response to the front lines of cyber defence.”
Ed Goings, national leader of cyber response services at KPMG, said: “In our breach response engagements, Active Directory [AD] and identity-based attacks are too common. Attackers are aware that AD is the crown jewel of the enterprise – controlling end-user entitlement, access and privileges.
“Unauthorised AD access grants bad actors the ability to install backdoors, exfiltrate data and change security policies. I am excited about Singularity XDR now encompassing identity threat detection and response.”
Besides its core ITDR capabilities, SentinelOne gains additional expertise around identity infrastructure assessment, to bring customers instant Active Directory visibility of misconfigurations, suspicious password and account changes, credential exposures and unauthorised access, among other things; and identity cyber deception, with a suite of Attivo tools that lures malicious actors into revealing themselves by leading them down a trail of breadcrumbs to decoy accounts, files and IPs.
SentinelOne’s customer base includes enterprises such as restaurant chain TGI Fridays and Norwegian Airlines, as well as automaker Aston Martin, through which it is also a key technology partner and sponsor to the Aston Martin Formula One team.
The companies expect the acquisition to close during SentinelOne’s second fiscal quarter.