Cybersecurity company SentinelOne plans to acquire Attivo Networks for its identity-based threat detection technology, the companies said Tuesday. The cash and stock transaction, valued at $616.5 million, is expected to close in SentinelOne’s upcoming fiscal second quarter.

In a statement, SentinelOne COO Nicholas Warner said Identity Threat Detection and Response (ITDR) “is the missing link” in XDR (extended detection and response) — an approach to security that collects and correlates data across layers, including email, endpoints, servers, cloud workloads, and networks.

“The shift to hybrid work and increased cloud adoption has established identity as the new perimeter, highlighting the importance of visibility into user holistic XDR and zero trust strategies,” Warner said. “Our Attivo acquisition is a natural platform progression for protecting organizations from threats at every stage of the attack lifecycle.” 

The demand for cybersecurity products has driven huge levels of investment in the market, with mergers and acquisitions in cybersecurity reaching $77.5 billion in 2021. In June of last year, SentinelOne debuted on the New York Stock Exchange, raising $1.2 billion at an implied valuation of $8.9 billion — making it the highest-valued cybersecurity IPO ever.

Attivo Networks, meanwhile, was founded in 2011 and is based in Fremont, California. It counts more than 300 global enterprises as customers, including Fortune 500 companies. 

The acquisition should expand SentinelOne’s total addressable market by $4 billion, the companies said. Attivo’s products will be incorporated into SentinelOne’s Singularity XDR platform for autonomous protection. That includes: 

  • Attivo’s identity suite, which protects in real time against credential theft, privilege escalation, lateral movement, data cloaking, identity exposure and more, supporting conditional access and zero trust cybersecurity.
  • Attivo’s identity assessment tool, which provides instant Active Directory visibility of misconfigurations, suspicious password and account changes, credential exposures, unauthorized access and more. 
  • Attivo’s network and cloud-based deception suite, which lures attackers into revealing themselves.