XDR-driven security industry consolidation continues, with SentinelOne to acquire Attivo
With SentinelOne announcing plans to acquire Attivo Networks — coming one week after Google said it has an agreement to buy Mandiant — a recent prediction from research firm Gartner about a new wave of security industry consolidation seems to be proving itself.
On March 7, Gartner identified vendor consolidation among the top seven security and risk management trends for 2022. “Security technology convergence is accelerating, driven by the need to reduce complexity, reduce administration overhead and increase effectiveness,” Gartner said in a news release.
The very next day, one of the largest security industry acquisitions in recent memory — Google’s $5.4 billion deal to acquire security powerhouse Mandiant — was announced.
And today, another sizable acquisition is coming to light: AI-driven cybersecurity firm SentinelOne announced a $616.5 million deal to acquire identity security firm Attivo Networks, in part to bolster SentinelOne’s Singularity XDR (extended detection and response) platform.
What the two acquisitions have in common is that both appear aimed at delivering an XDR, or XDR-like, architecture to customers.
Focus on XDR
While capabilities can vary across vendors in XDR, the overall concept is to integrate and correlate data from numerous security tools — and from across varying environments — to help customers prioritize the biggest threats.
While less than 5% of organizations are using XDR today, that’s expected to climb to 40% by 2027, according to a recent report from Gartner.
In an interview last week, Gartner’s Peter Firstbrook told VentureBeat that right now, “one of the driving factors of vendor consolidation is XDR.”
XDR brings an answer to the key question of “how do I integrate all the threat intel from all these security components I bought — so that I can do a proper incident response, and the humans can make sense of those alerts very quickly?” said Firstbrook, a research vice president and analyst at Gartner.
In other words, XDR allows security teams to “resolve alerts quickly and move on,” he said. “Because right now, most organizations are really struggling to deal with all their alerts.”
And when it comes to XDR-driven consolidation in the security industry, “this is just the beginning of this trend,” Firstbrook said in the interview last week.
Microsoft had reportedly wanted to acquire Mandiant, before Google stepped in, “so maybe they’ll buy SecureWorks or Reliaquest or eSentire to jumpstart their program,” he said, referring to several vendors in the XDR space.
Meanwhile, with SentinelOne’s announcement today, the focus on XDR is even more overt. The acquisition of Attivo, set to close in the quarter ended July 31, will extend the capabilities of the Singularity XDR platform “to identity-based threats across endpoint, cloud workloads, IoT devices, mobile and data wherever it resides,” SentinelOne said in a news release.
Identity threat detection
Notably, another trend highlighted on Gartner’s recent list — identity threat detection and response — factors heavily in SentinelOne’s planned acquisition of Attivo as well. The term, coined by Gartner, refers to the approach of going beyond identity authentication to actually detect when identity systems have been compromised.
Identity is “the new perimeter,” said SentinelOne COO Nicholas Warner in a news release. And “identity threat detection and response is the missing link in holistic XDR and zero trust strategies,” Warner said.