Active Defense & Deception , Next-Generation Technologies & Secure Development

Proofpoint to Buy Deception Firm Illusive, Boost Offerings

Ashan Willy's First Deal as CEO Gets Proofpoint Into the Identity, Deception Spaces
Proofpoint to Buy Deception Firm Illusive, Boost Offerings

Ashan Willy has made his first acquisition as Proofpoint's CEO, scooping up an identity startup established by Check Point's former cloud and document security leader.

See Also: Why the Future of Security Is Identity

The Silicon Valley-based email security vendor says its agreement to purchase New York-based Illusive will allow Proofpoint to add identity risk discovery and remediation and post-breach defense to its threat and information protection platform. Buying Illusive will extend Proofpoint's protection capabilities across the entire attack chain to address critical threats such as ransomware and data breaches (see: Proofpoint Acquires AI-Based Data Protection Startup Dathena).

"It's currently far too easy for an attacker to turn one compromised identity into an organizationwide ransomware incident or data breach," Proofpoint Executive Vice President of Cybersecurity Strategy Ryan Kalember says in a statement. "The acquisition of Illusive reinforces Proofpoint's commitment to innovation and growth, bringing market-defining technology to make threat actors' jobs as difficult as possible."

'Solving a Problem that Others Cannot'

Terms of the Illusive deal, which is expected to close in January, weren't disclosed. The acquisition is the first Proofpoint has made since Willy took over as CEO in March from company founder Gary Steele. It's the company's second deal since being taken private by Thoma Bravo in August 2021 for $12.3 billion, which occurred 11 months after Proofpoint bought artificial intelligence-based data classification firm Dathena (see: Thoma Bravo to Buy Proofpoint for $12.3 Billion)

Illusive, founded in 2014, employs 132 people and has raised $54 million in six rounds of outside funding, according to LinkedIn and Crunchbase. The company most recently raised $24 million in an October 2020 Series B extension round. Illusive was founded and led by Ofer Israeli, who had previously spent more than six years overseeing Check Point's endpoint, cloud and document security businesses.

"Illusive is solving a problem that others cannot by focusing on protecting identity security vulnerabilities and stopping the menace of ransomware," Israeli says in a statement. "We are thrilled to join Proofpoint and add our unique approach to ITDR to its people-centric security vision, helping organizations remediate privileged identity risks and understand potential ramifications of compromise."

Illusive's Spotlight product scans Active Directory, privileged access management tools, endpoints, servers and services to uncover gaps between the intention of an organization's identity security products and the reality of their environment. This allows organizations to discover and remediate identity vulnerabilities before attackers exploit them.

Meanwhile, Illusive Shadow allows organizations to identify threats based on attacker interaction with the company's deception technology. Unlike other deception tools that can be tipped off or exploited by attackers due to the use of agents or honeypots, Proofpoint says Shadow's agentless architecture helps evade attacker detection and is undefeated in more than 150 red team exercises.

"I am proud of the powerful products we have built over the years, of protecting our dear customers, and more than anything, of our incredible team that has innovated and pushed the envelope," Israeli writes on LinkedIn on Monday. "We have got to know Proofpoint as a company and the people quite well over the last months and are thrilled to be part of such a great organization and awesome culture."

Following in Footsteps of SentinelOne, CrowdStrike

Both Illusive's identity and deception technology offerings compete directly those of against Attivo Networks, which was acquired in May by endpoint security stalwart SentinelOne for $617.5 million. Attivo is slightly larger and more mature than Illusive. It was founded in 2011, raised $60.1 million of outside funding and employed 228 people at the time of that purchase.

Like Proofpoint and SentinelOne, CrowdStrike also executed an acquisition to enter the identity security market. The endpoint security behemoth bought access control and threat prevention startup Preempt Security in September 2020 for $96 million to help clients protect identity data without compromising productivity or the user experience, and today it has identity threat protection and detection modules.

Proofpoint's buys under Thoma Bravo come after it made several significant deals as a publicly traded vendor. Proofpoint bought data loss protection MSP InteliSecure for $62.5 million in 2021 to help customers protect critical data in diverse environments. In November 2019, the company acquired insider threat management platform ObserveIT for $225 million to protect data across email, cloud and endpoint.

Six months before that, Proofpoint purchased Meta Networks for $120 million to better protect people, applications and data as they move beyond the traditional perimeter. The company also bought browser isolation startup in November 2017 for $60 million as well as phishing simulation and training provider Wombat Security Technologies in February 2018 for $225 million.

These acquisitions have allowed Proofpoint to expand beyond its heritage as a secure email gateway vendor. Willy told CRN in March that Proofpoint is the second-largest vendor in the highly fragmented DLP market, behind only Forcepoint. Proofpoint has long been the industry's largest email DLP vendor and entered the endpoint DLP market through its acquisition of ObserveIT, Willy said in March.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.