XDR-driven security industry consolidation continues, with SentinelOne to acquire Attivo

Did you miss a session at the Data Summit? Watch On-Demand Here.

With SentinelOne announcing plans to acquire Attivo Networks — coming one week after Google said it has an agreement to buy Mandiant — a recent prediction from research firm Gartner about the drivers for a new wave of security industry consolidation seems to be proving out.

On March 7, Gartner identified vendor consolidation among the top seven security and risk management trends for 2022. “Security technology convergence is accelerating, driven by the need to reduce complexity, reduce administration overhead and increase effectiveness,” Gartner said in a news release.

The very next day, one of the largest security industry acquisitions in recent memory — Google’s $5.4 billion deal to acquire security powerhouse Mandiant — was announced.

And today, another sizable acquisition is coming to light: AI-driven cybersecurity firm SentinelOne announced a $616.5 million deal to acquire identity security firm Attivo Networks, in part to bolster SentinelOne’s Singularity XDR (extended detection and response) platform.

What the two acquisitions have in common is that both appear aimed at delivering an XDR, or XDR-like, architecture to customers.

Focus on XDR

While capabilities can vary across vendors in XDR, the overall concept is to integrate and correlate data from numerous security tools — and from across varying environments — in order to help customers prioritize the biggest threats.

While less than 5% of organizations are using XDR today, that’s expected to climb to 40% by 2027, according to a recent report from Gartner. 

In an interview last week, Gartner’s Peter Firstbrook told VentureBeat that right now, “one of the driving factors of vendor consolidation is XDR.”

XDR brings an answer to the key question of “how do I integrate all the threat intel from all these security components I bought — so that I can do a proper incident response, and the humans can make sense of those alerts very quickly?” said Firstbrook, a research vice president and analyst at Gartner

In other words, XDR allows security teams to “resolve alerts quickly and move on,” he said. “Because right now, most organizations are really struggling to deal with all their alerts.”

And when it comes to XDR-driven consolidation in the security industry, “this is just the beginning of this trend,” Firstbrook said in the interview last week.

Microsoft had reportedly wanted to acquire Mandiant, before Google stepped in, “so maybe they’ll buy SecureWorks or Reliaquest or eSentire to jumpstart their program,” he said, referring to several vendors in the XDR space.

Google’s moves

The shift to embracing an XDR-like architecture appears to have been among the factors behind Google’s interest in Mandiant, as well as a factor in Google’s acquisition of Siemplify in January.

“I feel this merger between Mandiant and Google Cloud allows us to be the brains behind so much of those controls that people are depending on,” Mandiant CEO Kevin Mandia said during a news conference last week. The move will bring together Mandiant’s threat intelligence and services with the Google Chronicle security analytics service and Siemplify, Mandia noted.

Chronicle and Siemplify are all about “interoperability between a ton of other technologies — [they] work with every firewall company, work with all the endpoint companies, work with logs generated from different applications,” he said.

Meanwhile, with SentinelOne’s announcement today, the focus on XDR is even more overt. The acquisition of Attivo, set to close in the quarter ended July 31, will extend the capabilities of the Singularity XDR platform “to identity-based threats across endpoint, cloud workloads, IoT devices, mobile and data wherever it resides,” SentinelOne said in a news release.

Identity threat detection

Notably, another trend highlighted on Gartner’s recent list — identity threat detection and response — factors heavily in SentinelOne’s planned acquisition of Attivo as well. The term, coined by Gartner, refers to the approach of going beyond identity authentication to actually detect when identity systems have been compromised.

Identity is “the new perimeter,” said SentinelOne COO Nicholas Warner in a news release. And “identity threat detection and response is the missing link in holistic XDR and zero trust strategies,” Warner said.

As for Google Cloud, the acquisitions are unlikely to stop with Mandiant, Forrester analysts Jeff Pollard and Allie Mellen wrote in a blog post last week. Next up on the acquisition priority list might be a solution for endpoint detection and response (EDR), the analysts said.

“Given that GCP (Google Cloud Platform) needs EDR to gain full ownership of the technologies that comprise its XDR offering, its next shopping list likely includes an EDR tool,” the analysts wrote in the blog. “GCP wants to become a top–tier cybersecurity player, and its acquisitive actions match its goals.”

More broadly, the Mandiant acquisition “will have a major ripple impact across the cybersecurity space as cloud stalwarts Amazon and Microsoft will now be pressured into M&A and further bulk up its cloud platforms,” wrote Daniel Ives, managing director for equity research at Wedbush Securities, in a note to investors last week.

Wedbush believes that cybersecurity vendors including Varonis, Qualys, Tenable, Rapid7, CyberArk, SailPoint and Ping Identity stand out as candidates for a possible acquisition, given the “laser focus” these vendors bring on securing cloud workloads against attacks, Ives wrote.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More

Source: Read Full Article