SentinelOne has announced that they will acquire Attivo Networks, a leading Distributed Deception Platform (DDP) and Identity Threat Detection & Response (ITDR) solution provider. This appears to be a good move for SentinelOne, which is a leading Endpoint Protection Detection & Response (EPDR) vendor. SentinelOne went public with the one of the largest IPOs ever last year.
Attivo was founded in 2011 in the Bay Area. Their initial focus was on the DDP market. DDP is an innovative approach to detecting and preparing for cyberattacks, whereby organizations deploy decoy resources to attract the attention of would-be attackers. This strategy allows organizations to study attacker Tactics, Techniques, and Procedures (TTPs) while protecting their crucial assets, ensuring that the intelligence gathered from the DDP is of the highest quality and most pertinent for each customer. Attivo was a leader in all categories (Overall, Product, Innovation, and Market) in the 2021 edition of the KuppingerCole Leadership Compass on DDP.
Two of the main decoy components of DDPs such as Attivo’s are traps and lures:
- Traps are servers, virtual servers, and/or appliances that host simulated assets. Traps can mimic traditional IT assets such as file and web servers, desktops, and containers, as well as Operational Technology (OT) assets such as Industrial Control System (ICS) servers, sensors, Human-Machine Interfaces (HMI), IoT devices, etc.
- Lures are objects that are designed to appeal to attackers and get them to interact with the DDP. Lures can include services, files, credentials, x.509 certificates, SSH keys, scripts, ICS devices, etc.
Many OT, IoT, and health care environments do not support standard endpoint security agents, due to incompatibility of operating systems and/or restrictions against adding security software to managed hosts. Solutions such as DDPs and Network Detection & Response (NDR) tools can provide visibility that would otherwise be missing from these critical portions of customer environments.
Traps and lures are foundational components of DDPs, but identity deception is essential also because attacks leverage user and admin credentials. Attivo Networks has extended its product portfolio significantly beyond DDP, to also support ITDR. These capabilities are delivered via the Attivo Networks Active Directory Protection Portfolio. The portfolio is comprised of ADAssessor and ADSecure. ADAssessor monitors customer AD to look for ways to reduce the attack surface. ADSecure returns fake privileged credentials as query results and hides real privileged credentials to attackers while alerting customer IT security staff.
SentinelOne’s strategic vision is to provide an integrated security platform to replace multiple types of endpoint and network security tools with a single solution to prevent, detect, analyze, and respond to cyberthreats across all enterprise IT assets, on-premises and in the cloud. SentinelOne has agents for Windows XP to version 11, Windows Server 2008+, MacOS, all Linux flavors, Android, and iOS. SentinelOne’s solutions are powered by Machine Learning and Deep Learning detection models that are capable of providing the highest levels of protection, even for clients that are not constantly connected to their cloud. SentinelOne has participated in a number of KuppingerCole reports, such as the Market Compass on EPDR.
The acquisition of Attivo by SentinelOne will provide additional XDR (eXtended Detection & Response) capabilities for their Singularity Platform. We have identified DDP as an innovative component of XDR platforms. Only a handful of vendors that are purporting to be in the XDR space have DDP within their solution set yet. Moreover, ITDR not yet is a common capability in XDR, but being able to analyze signals from the network and endpoints to the behavior of digital identities provides significantly enhanced insight into threats. This acquisition demonstrates that both DDP and Identity will be essential ingredients in XDR.
KuppingerCole will continue to monitor and publish on developments in the XDR and related markets.