SentinelOne snaps up Attivo Networks for $617M, bolsters XDR platform

In a move designed to bolster its XDR (extended detection and response) platform, Singularity, to defend against the latest cyber security threats, endpoint security vendor SentinelOne plans to acquire IAM (identity and access management) provider Attivo Networks for US$616.5 million.

Singularity is an AI-based system that allows for automated response to many types of endpoint-based threats — those that target user devices like laptops and smartphones, rather than a company's servers directly. Attivo's focus is on identity-based security, tracking users across different accounts, devices and systems to maintain a clear picture of who's accessing computing assets at any given time.

The acquisition is meant to address the changing realities of the security landscape, as hybrid work and cloud adoption become more and more universal, according to SentinelOne COO Nicholas Warner.

"Identity Threat Detection and Response (ITDR) is the missing link in holistic XDR and zero trust strategies," Warner said in a company statement announcing the acquisition. "Our Attivo acquisition is a natural platform progression for protecting organisations from threats at every stage of the attack lifecycle."

It's an acquisition that lines up well with current trends in the security marketplace, according to Liz Miller, vice president and principal analyst at Constellation Research.

The security industry is in the midst of transitioning from what she called a "wall-and-moat" mindset, where the focus was on broad-stroke preventative measures that were designed to protect static, on-premises equipment, rather than for the much more fluid working environments of today.

"Now we're moving to cloud services, shared services, people taking their devices home," Miller said. "Suddenly my router at home is part of the [security] perimeter. So rather than knowing where the boundaries of your perimeter are, [it] is now so malleable that we really need to take identity as the new perimeter."

The need for an identity-based security setup is prompted by the fact that threats now come from essentially everywhere — misconfigurations and possible malicious users within, and external threats of all kinds.

"This is really an acquisition that starts to telegraph that this world of work-from-anywhere is the reality, and [shows] how we create a solid security posture when everywhere is your perimeter," Miller added. "I think this really steps up the game for SentinelOne's customers."

It seem unlikely that Attivo's present customers and channel partners will see any major changes in service in the immediate future, though the solution is likely to be integrated quickly into SentinelOne's platform.

"I don't think Attivo's current customers have a ton to worry about," Miller noted.

The cash and stock transaction is expected to become final in SentinelOne's second fiscal quarter, subject to closing conditions and regulatory approval.