Content, Channel investors

SentinelOne Acquires Attivo Networks; XDR and Identity Security Converge

Credit: SentinelOne

SentinelOne is acquiring Attivo Networks to inject XDR with identity security, and to accelerate the shift to Zero Trust, the two security software companies said. The M&A deal is valued at $616.5 million. An EBITDA multiple was not disclosed.

This is technology M&A deal number 270 that MSSP Alert and sister site ChannelE2E have covered so far in 2022.

Attivo Networks: What SentinelOne Gains

Attivo Networks, based in Fremont, California, has 228 employees listed on LinkedIn. The company's software addresses Identity Detection and Response (IDR); and protects against identity compromise, privilege escalation, and lateral movement attacks. The software also protects endpoints, Microsoft Active Directory (AD), and cloud environments.

Among Attivo Networks' recent developments: The company's Endpoint Detection Net (EDN) suite in September 2021 gained ThreatStrike functionality, which “allows organizations to hide real credentials from attacker tools and bind them to their applications.” The result: Attivo can cloak real credentials from attackers, the company says.

Together, SentinelOne and Attivo Networks say they plan to offer and address:

  1. Identity Threat Detection and Response;
  2. Identity Infrastructure Assessment; and
  3. Identity Cyber Deception.

Attivo was venture backed ahead of the M&A deal. The company raised $21 million in Series C funding in 2017. That funding round was led by  Trident Capital Cybersecurity with participation from existing investors Bain Capital Ventures and Omidyar Technology Ventures. We don't know if Attivo raised additional funding since that time.

SentinelOne and Attivo: MSSP and MSP Partner Programs

Both SentinelOne and Attivo have partner programs for MSPs and MSSPs. Attivo's partner program is more of a traditional channel partner approach, while SentinelOne has major momentum with MSPs and MSSPs, and software companies that support service providers.

Among those cheering the M&A deal: Accounting and IT consulting giant KPMG, which has a Top 250 MSSP business unit. In a prepared statement, Ed Goings, KPMG's national leader for cyber response services, said:

“In our breach response engagements, Active Directory and identity-based attacks are too common. Attackers are aware that AD is the crown jewel of the enterprise - controlling end user entitlement, access, and privileges. Unauthorized AD access grants bad actors the ability to install backdoors, exfiltrate data, and change security policies. I’m excited about Singularity XDR now encompassing identity threat detection and response.”

SentinelOne Acquires Attivo: Executive Perspectives

Nick Warner, formerly president of security, SentinelOne
Nick Warner, chief operating officer, SentinelOne

In a prepared statement about the deal, SentinelOne COO Nicholas Warner said:

“The shift to hybrid work and increased cloud adoption has established identity as the new perimeter, highlighting the importance of visibility into user activity. Identity Threat Detection and Response (ITDR) is the missing link in holistic XDR and zero trust strategies. Our Attivo acquisition is a natural platform progression for protecting organizations from threats at every stage of the attack lifecycle."

Added Attivo Networks CEO Tushar Kothari:

“We are thrilled to join SentinelOne, the category leader in XDR. Attivo’s solutions are a perfect complement, as an XDR with identity protection significantly improves organizational security posture. As the threat landscape evolves, identity remains the central nervous system of the enterprise. Combined with the power of SentinelOne’s autonomous XDR, we’ll bring real-time identity threat detection and response to the front lines of cyberdefense.”

Concluded Tomer Weingarten, CEO, SentinelOne:

“The acquisition of Attivo Networks continues our commitment to defining and delivering autonomous XDR. Identity fuses together all enterprise assets, and I see identity threat detection and response as an integral part of our XDR vision. Attivo Networks is the right technology and team to advance our portfolio, complementing our hypergrowth and accelerating enterprise zero trust adoption.”

SentinelOne: M&A and Financial Update

SentinelOne has M&A experience -- having acquired Scalyr to counter Splunk in February 2021. Moreover, SentinelOne has been exploring more security software acquisitions since at least December 2021. The effort includes hiring Cisco Systems veteran Rob Salvagno to lead corporate development. One related rumor had SentinelOne exploring an Orca Security purchase in late 2021, but that deal never materialized.

So what's next? More details about the Attivo Networks deal and SentinelOne's business performance will surface later today when the security company announces Q4 2022 earnings results. Stay tuned for details.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.