Attivo Networks Blogs

SentinelOne acquires Attivo Networks for $617M

After one of the largest initial public offerings in the cybersecurity industry, SentinelOne Inc. will expand once again — this time into the identity and access management space.

In a blog post Tuesday, the endpoint security vendor announced the definitive agreement stage of the impending acquisition of Attivo Networks, an identity security company based in Fremont, Calif. The move would add identity threat detection to SentinelOne’s current extended detection and response (XDR) offerings, as Attivo focuses on securing Active Directory (AD) and cloud environments.

The announcement comes nearly nine months after SentinelOne raised more than $1 billion in its IPO, with the goal to further expand its endpoint detection platform into XDR.

With threat actors increasingly compromising credentials and admin privileges, gaining visibility around services like AD has grown in importance. One recent example involved the use of the malware that ESET referred to as HermeticWiper. While examining a new wormable component to the malware that targeted Ukrainian organizations, researchers discovered indications that the attackers may have gained control of AD.

In the blog post, SentinelOne highlighted Attivo’s identity assessment tool, which monitors suspicious passwords and account changes, as well as credential exposures and unauthorized access. The identity vendor, which was founded in 2011, currently has more than 300 global customers, according to the blog.

“Identity fuses together all enterprise assets, and I see identity threat detection and response as an integral part of our XDR vision. Attivo Networks is the right technology and team to advance our portfolio, complementing our hypergrowth and accelerating zero trust adoption,” SentinelOne CEO Tomer Weingarten said in the blog.

Jon Oltsik, analyst at Enterprise Strategy Group, a division of TechTarget, said one of the gaps ESG discovered in its initial XDR research in 2020 was identity visibility. Organizations were seeking to better understand user behavior and behavioral anomalies, he said, so that they could detect threats and correlate identity behavior to other things happening on their networks.

“This acquisition gives SentinelOne identity visibility and analytics that can help in this area. I also like the deception capabilities which add a degree of threat prevention and internal threat intelligence to XDR,” Oltsik said in an email to SearchSecurity.

Attivo initially focused on deceptive technology, which is designed to protect enterprises by presenting decoy environments and honeypots to threat actors scanning customer environments. David Holmes, senior analyst at Forrester Research, said Attivo’s identity protection offerings were what drew interest from SentinelOne.

“Attivo was a darling of deception technology, but SentinelOne was really after their Active Directory protection portfolio, including ADAssessor and ADSecure,” Holmes said. “What acquisitions like this one ultimately mean for security and risk decision-makers is that they can pivot from deploying a standalone deception tech product and start evaluating how deception gets paired with one or two key tactical domains like identity.”

Read the original article by Arielle Waldman on TechTarget.

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

two × 2 =

Ready to find out what’s lurking in your network?

Scroll to Top