


Jon Gold
Senior writer

SentinelOne to buy Attivo Networks for $617M, bringing ID-based security to XDR platform

Mar 15, 2022 · 3 mins
Endpoint Protection, Mergers and Acquisitions, Technology Industry

Known as an endpoint protection vendor, SentinelOne is broadening its appeal by adding an identity-focused security layer to its Singularity XDR (extended detection and response) platform, in a $616.5 million deal.


In a move designed to bolster its Singularity XDR (extended detection and response) platform against the latest cybersecurity threats, endpoint security vendor SentinelOne plans to acquire IAM (identity and access management) provider Attivo Networks for $616.5 million.

Singularity is an AI-based system that allows for automated response to many types of endpoint-based threats — those that target user devices like laptops and smartphones, rather than a company’s servers directly. Attivo’s focus is on identity-based security, tracking users across different accounts, devices and systems to maintain a clear picture of who’s accessing computing assets at any given time.

The acquisition is meant to address the changing realities of the security landscape, as hybrid work and cloud adoption become more and more universal, according to SentinelOne COO Nicholas Warner.

“Identity Threat Detection and Response (ITDR) is the missing link in holistic XDR and zero trust strategies,” Warner said Tuesday in a company statement announcing the acquisition. “Our Attivo acquisition is a natural platform progression for protecting organizations from threats at every stage of the attack lifecycle.”

It’s an acquisition that lines up well with current trends in the security marketplace, according to Liz Miller, vice president and principal analyst at Constellation Research. The security industry is in the midst of transitioning away from what she calls a “wall-and-moat” mindset, in which the focus was on broad-stroke preventative measures designed to protect static, on-premises equipment rather than the much more fluid working environments of today.

“Now we’re moving to cloud services, shared services, people taking their devices home,” Miller says. “Suddenly my router at home is part of the [security] perimeter! So rather than knowing where the boundaries of your perimeter are, [it] is now so malleable that we really need to take identity as the new perimeter.”

The need for an identity-based security setup is prompted by the fact that threats now come from essentially everywhere — misconfigurations and possible malicious users within, and external threats of all kinds.

“This is really an acquisition that starts to telegraph that this world of work-from-anywhere is the reality, and [shows] how we create a solid security posture when everywhere is your perimeter,” Miller says. “I think this really steps up the game for SentinelOne’s customers.”

It seems unlikely that Attivo’s present customers will see any major changes in service in the immediate future, though the solution is likely to be integrated quickly into SentinelOne’s platform.

“I don’t think Attivo’s current customers have a ton to worry about,” Miller notes.

The cash and stock transaction is expected to become final in SentinelOne’s second fiscal quarter, subject to closing conditions and regulatory approval.