SentinelOne’s XDR Gains Identity Protection With $617M Attivo Buy

SentinelOne snapped up Attivo Networks in a $616.5 million deal to bring identity-based threat protection to its extended detection and response (XDR) platform.

The acquisition will “enable us to provide cybersecurity in one of the most critical and dynamic parts of enterprise security today: the identity parameter,” and address the $4 billion and growing identity security market, SentinelOne CEO and co-founder Tomer Weingarten said during a recent earnings call. “With Attivo’s user-centric identity capabilities, we will be able to support an even more comprehensive zero-trust framework.” 

“Identity threat detection and response is the missing link in holistic XDR and zero trust strategies,” echoed SentinelOne COO Nicholas Warner in a statement.

Weingarten touted Attivo’s platform as being adopted by over 300 customers including some Fortune 500 companies and government entities. 

The platform features agent-based identity protection, identity infrastructure assessment, identity-based vulnerability scanning and management for enterprise infrastructure, and deception services, according to Weingarten.

“Attivo was a darling of deception technology, but SentinelOne was really after its Active Directory protection portfolio, including ADAssessor and ADSecure,” Forrester senior research analyst David Holmes wrote in a blog post. “Enterprise identity plays a critical role in the zero-trust world mandated by the Biden executive order and recently road mapped by the Cybersecurity and Infrastructure Security Agency and the US Office of Management and Budget.”

The Attivo acquisition is expected to close in SentinelOne’s fiscal second quarter of 2023. 

Is Standalone Deception Tech Fading Out?

SentinelOne isn’t the only XDR vendor going after the identity protection market. CrowdStrike also recently touted its success with identity protection and integrated its Falcon Identity Threat Protection module with the Falcon Complete managed endpoint security service.

CrowdStrike also acquired Preempt for a reported $96 million in 2020 to boost its zero-trust capabilities. The move “presaged the SentinelOne acquisition,” according to Holmes.

Deception technology, “while super cool, was never able to achieve escape velocity on its own, and many of its shining stars are disappearing into portfolios of larger vendors,” Holmes noted.

Another example is Zscaler’s Smokescreen buy last year. The vendor sold the tech as Zscaler Deception, but Holmes expects the vendor will integrate the platform into Zscaler Private Access and Zscaler Internet Access before long.

For deception-tech startups, the acquisition and valuation of Attivo may offer hope of moving from a standalone product to a pairing with a more mainstream security technology such as identity, endpoint, or network security, he explained.

And for security and risk decision-makers, these acquisitions mean “they can pivot from deploying a stand-alone deception tech product and start evaluating how deception gets paired with one or two key tactical domains such as identity,” he added. 

Read the original article by Nancy Liu on SDxCentral.
