Inside SentinelOne’s bid for defense firm Attivo Networks

Active Defense and Deception, Endpoint Detection and Response (EDR), Identity and Access Management

Security Experts Rate ‘Super Cool’ Deception Tech, Worry About $615.5M Deal

Devon Warren-Kachelein (devawarren) •
March 18, 2022

Automation Manager SentinelOne this week announced plans to buy Attivo Networks, a leading identity security and cyber deception company, for $615.5 million in a cash and stock transaction.

See also: Live Webinar | Advocacy for managed endpoint detection and response


Described as a game to improve zero-trust onboarding and thwart identity-based attacks, Attivo Networks’ endpoint agent will blend into SentinelOne’s Singularity XDR platform. The merger would also add more visibility into end-user activity, as remote working and cloud adoption have increased organizational network risk through end users.


“Identity Threat Detection and Response (ITDR) is the missing link in holistic XDR and Zero Trust strategies. Our acquisition of Attivo is a natural progression of the platform to protect organizations against threats at every stage of the process. attack lifecycle,” SentinelOne COO Nicholas Warner said in a statement.


Some welcome the announcement, saying it will help deter attackers from targeting networks monitored by this technology. Other analysts, however, view the acquisition as a consolidation move, fearing it could stifle innovation or worse as that trend continues into 2022.


California-based SentinelOne was founded in Israel by current CEO Tomer Weinergarten and former CTO Almog Cohen in 2013. Its website details the Singularity platform as an innovative AI-powered defense tool “working at faster speed, larger scale, and greater precision than possible from a single human or even a crowd.”


The deal, if the terms are met, will close during SentinelOne’s second quarter this summer. It would be the biggest purchase of a deceptive security company to date, according to Forrester principal analyst David Holmes.


Deception Tech takes center stage


Network defenders are looking for more effective threat detection tools to combat the AI ​​tactics already used by threat actors to steal credentials.


Deceptive security tools use decoys to deflect attackers away from corporate networks. Attivo Networks, for example, offers unique obfuscation capabilities through its ITDR solutions that can protect and prevent attackers from accessing credentials, shared folders and other data, a spokesperson told Information Security Media Group.


Attivo Networks has built a strong customer base, providing endpoint defense solutions for the US Department of Homeland Security, the Global Cyber ​​Alliance, Amazon Web Services, and Google Cloud, among many other Fortune 500 companies. company has often been praised by early investors and partners for its development of highly sophisticated identity tools.


Tushar Kothari, CEO of Attivo Networks, celebrated the partnership with SentinelOne. He says Attivo’s technology could complement the XDR platform, as well as strengthen organizational security posture.

“As the threat landscape evolves, identity remains the central nervous system of the enterprise. Combined with the power of SentinelOne’s standalone XDR, we will bring real-time identity threat detection and response to the front lines of cyber defense,” said Kothari.


The value of this technology is akin to activating a home or automotive security system on a network, according to George Finney, CISO of Southern Methodist University. He says the purchase would allow SentinelOne to integrate cutting-edge offerings into its XDR platform, merging automation with a stealthy security tool that combats attackers.


Finney says buying Attivo Networks would be a “big decision” for SentinelOne and tells ISMG: “Acquiring Attivo as a consumer EDR product will mean it will be even easier to scale networks in And some recent NSA research indicates that bad guys spend less time on your networks when they know deception is being used, the same way a burglar spends less time in a home with a security system. Deception is an active defense that puts pressure on attackers to question themselves.


Forrester’s Holmes compares the acquisition to other deceptive security deals, such as CrowdStrike’s $96 million merger with Preempt. He says the deceptive cybersecurity is “super cool” but it never took off on its own and is potentially better as an added feature. Typically, deceptive security companies retreat into larger vendor portfolios.


“The SentinelOne press release mentions identity just under 30 times and deception only three,” Holmes wrote in a blog post. “That word count of honeypots and honeynets seems to confirm that the acquisition was all about identity, isn’t it? Or is that just what SentinelOne wants us to believe?”


Consolidation and other concerns


The announcement of the SentinelOne acquisition addresses several cybersecurity buzzwords: identity, adopting zero trust, and moving to the cloud. This leads some experts to consider that the deal may be more than what lies on the surface.


“Identity is not synonymous with zero trust, but rather is consumed in zero trust environments,” says John Kindervag, the founding father of the zero trust architecture and an ISMG contributor. He says the merger could very well be a way for SentinelOne to rely less on third-party vendors, such as Okta or Duo Security, and calls the strategy “interesting but not transformative.”


“I expect more consolidation games like this from the biggest cyber vendors as they hope to move from a product game to a platform game,” says Kindervag, former CTO of Palo Alto Networks.


Security and tech giants looking to strengthen identity and other solutions could lead to bigger problems, hampering the competition that keeps product innovation fresh.


“Unfortunately, there comes a time when we can achieve monoculture,” writes Alexandre Blanc, CISO of Vars Corp., in a LinkedIn post. “And we know that when that happens, technology tends to[s] to go from useful to bloatware, or the kind of abuse we see with big tech and the cloud.”


Carolyn Crandall, chief security officer and CMO of Attivo Networks, told ISMG that SentinelOne is committed to maintaining and improving the products currently offered by Attivo.

Laura J. Boyer