SentinelOne to buy Attivo Networks for $617M
Attivo Networks Blogs

SentinelOne to buy Attivo Networks for $617M, bringing ID-based security to XDR platform

CSO logo

In a move designed to bolster its XDR (extended detection and response) platform, Singularity, to defend against the latest cybersecurity threats, endpoint security vendor SentinelOne plans to acquire IAM (identity and access management) provider Attivo Networks for $616.5 million.

Singularity is an AI-based system that allows for automated response to many types of endpoint-based threats — those that target user devices like laptops and smartphones, rather than a company’s servers directly. Attivo’s focus is on identity-based security, tracking users across different accounts, devices and systems to maintain a clear picture of who’s accessing computing assets at any given time.

The acquisition is meant to address the changing realities of the security landscape, as hybrid work and cloud adoption become more and more universal, according to  SentinelOne COO Nicholas Warner.

“Identity Threat Detection and Response (ITDR) is the missing link in holistic XDR and zero trust strategies,” Warner said Tuesday in a company statement announcing the acquisition. “Our Attivo acquisition is a natural platform progression for protecting organizations from threats at every stage of the attack lifecycle.”

It’s an acquisition that lines up well with current trends in the security marketplace, according to Liz Miller, vice president and principal analyst at Constellation Research. The security industry is in the midst of transitioning from what she calls a “wall-and-moat” mindset, where the focus was on broad-stroke preventative measures that were designed to protect static, on-premises equipment, rather than for the much more fluid working environments of today.

“Now we’re moving to cloud services, shared services, people taking their devices home,” Miller says. “Suddenly my router at home is part of the [security] perimeter! So rather than knowing where the boundaries of your perimeter are, [it] is now so malleable that we really need to take identity as the new perimeter.”

The need for an identity-based security setup is prompted by the fact that threats now come from essentially everywhere — misconfigurations and possible malicious users within, and external threats of all kinds.

“This is really an acquisition that starts to telegraph that this world of work-from-anywhere is the reality, and [shows] how we create a solid security posture when everywhere is your perimeter,” Miller says. “I think this really steps up the game for SentinelOne’s customers.”

It seems unlikely that Attivo’s present customers will see any major changes in service in the immediate future, though the solution is likely to be integrated quickly into SentinelOne’s platform.

“I don’t think Attivo’s current customers have a ton to worry about,” Miller notes.

The cash and stock transaction is expected to become final in SentinelOne’s second fiscal quarter, subject to closing conditions and regulatory approval.

Read the original article by Jon Gold on CSO Online.

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Ready to find out what’s lurking in your network?

Scroll to Top