SentinelOne reached a $616.5m deal to buy identity security vendor Attivo Networks, the companies announced today.

According to the endpoint security firm, acquiring Attivo will bring identity threat detection and response to its extended detection and response (XDR) tech and expand its total addressable market by about $4bn.

“The shift to hybrid work and increased cloud adoption has established identity as the new perimeter,” SentinelOne COO Nicholas Warner said in a statement. He called identity threat detection and response “the missing link” in XDR and zero-trust security.

XDR combines elements of a handful of other technologies that collect and analyze logs and other telemetry and respond to potential threats. The aim is to centralize security data and incident response.

SentinelOne, along with several of its fellow endpoint security companies like CrowdStrike and McAfee (now combined with FireEye and re-named Trellix), has been pushing into XDR over the past few years. In fact, this isn’t SentinelOne’s first acquisition to provide an XDR boost. Last year, it bought data analytics platform Scalyr to bring that tech in house and under its XDR platform.

Another equally buzzy security phrase – zero trust – is a framework that uses identity and user behavior to continually verify users and machines, and it restricts data and access on a least-privilege basis.

Because identity plays a key role in zero-trust enabling technologies, larger security shops have made moves to add or integrate this capability to their platforms, often via partnerships or M&A.

Attivo, an 11-year-old startup that has raised $60.1m in venture funding to date, started with deception-based detection technology before expanding into identity detection and response.

“As the threat landscape evolves, identity remains the central nervous system of the enterprise,” Attivo Networks CEO Tushar Kothari said. “Combined with the power of SentinelOne’s autonomous XDR, we’ll bring real-time identity threat detection and response to the front lines of cyberdefense.”

In a tweet, HardenStance analyst Patrick Donegan applauded the deal:

SentinelOne’s Attivo buyout follows several other acquisitions in the industry so far in 2022, in what is shaping up to be another big year for cybersecurity M&A following a record-breaking $77.5 billion 2021, according to security advisory firm Momentum Cyber.

In one of the biggest purchases to date: Last week Google announced a deal to buy threat intel firm Mandiant for $5.4bn. ®