Here are some of the basics about the recent LARGE acquisition by Sentinel One. [As a reminder, S just had $66M in revenue this Q. This is a large purchase that is over double their current ARR!]
Sentinel One is buying Attivo Networks for $616.5M, 58% in cash (357.6M), 42% in shares. They have $30M in ARR (so cost about 20x sales) growing +50%, and serve 300+ custs, including “dozens” of F500 and a few govt / public sector as well.
- PR: https://www.sentinelone.com/press/sentinelone-to-acquire-att…
- Slide deck on the acquisition: https://s28.q4cdn.com/399982429/files/doc_financials/2022/q4…
Attivo Networks is basically the combination of Preempt and Smokescreen.
Preempt was acquired in Sep-20 by CrowdStrike for $96M, which provided identity protection by sitting over an existing identity store like AD or other IAMs like Okta. It enhances them with better visibility (user or permission change tracker, looking for misconfigurations or stale accts, etc) and real-time behavioral analytics (does this user behave like they always do). Preempt ultimately turned into their Falcon Identity Threat Detection (scanner) and Falcon Identity Threat Protection (real-time conditional access).
- acquisition: https://www.crowdstrike.com/press-releases/crowdstrike-acqui…
- product: https://www.crowdstrike.com/products/identity-protection/fal…
- product: https://www.crowdstrike.com/products/identity-protection/fal…
Smokescreen was acquired in Jun-21 by Zscaler for $11.5M in cash, which provided network, file, and identity deception technology (using decoys to catch malicious intruders). This turned into Zscaler Deception. It has not yet been fully folded into ZIA or ZPA, from what I can tell.
- acquisition: https://www.zscaler.com/press/zscaler-acquire-smokescreen-en…
- product: https://www.zscaler.com/products/deception-technology
Sentinel One is greatly playing up the identity (Preempt-like) side of Attivo, which is a recent pivot after years of being a decoy-focused (Smokescreen-like) company. This is to greatly bolster their XDR into protecting identity. What this allows for is expanding XDR into a new highly-adjacent direction, as CrowdStrike did. Plus they get the deception capabilities to help protect network, cloud infra, file shares, and identity through decoys. Unlike Preempt, it only protects Active Directory, not other competing IAMs like Okta.
Considering Preempt and Smokescreen were $96M + $11.5M = $107.5M overall, Sentinel One paid up heavy at $616.5M (5.7x that!).
One can probably assume the newer Identity side of the Attivo is growing at a much faster rate than the Deception/Decoy side, but off a smaller base. Pure speculation, but just to conceptualize my theory, they might have $5-15M of ARR growing 70%-100% (identity), and $15-25M of it growing much a slower 30-40% (decoy). It may even be smaller than that wild guess. They have had identity decoy and endpoint agent (ADSecure) for identity protection for a while, but major parts of their new identity focus released in Mar-21 (AdAssessor AD scanner) and just now in Mar-22 (ADSecure-DC to protect over AD itself, not from their endpoint agent).
- ADAssessor released Mar-21: https://www.attivonetworks.com/adassessor-announcement/
- ADSecure Domain Controller (DC) released Mar-22: https://www.attivonetworks.com/adsecure-dc/
They were a CrowdStrike partner since Apr-20. https://www.attivonetworks.com/attivo-networks-announces-int…
They were a SentinelOne partner and in the Singularity Marketplace since Dec-21. https://www.attivonetworks.com/sentinelone-marketplace/
Considering this smaller segment is the part Sentinel One is overly focused on in all PR and slides, I think they greatly overpaid for having their main focus on a portion of the company.
- muji
long S