Less than year after a shift to the burgeoning identity threat detection and response (ITDR) market from its initial roots as a pure-play deception technology startup, Illusive reached the liquidity promised land this week. Proofpoint has announced plans to purchase the firm for an undisclosed amount, with the deal set to close in early 2023.

According to executives from Proofpoint, which specializes in email and cloud security, the pickup was spurred by a drive to reinforce its technology portfolio with identity-focused protections. The company said it was drawn to Illusive for its identity risk discovery and remediation capabilities, in addition to post-breach defenses that could build out Proofpoint's protections against ransomware​ and data theft.

"It's currently far too easy for an attacker to turn one compromised identity into an organizationwide ransomware incident or data breach," said Ryan Kalember, executive vice president of cybersecurity strategy for Proofpoint, in a statement.

Deception Tech: Not Enough on Its Own

Initially founded in 2014 by former Check Point Software Technologies veteran Ofer Israeli, Illusive touted itself for a long time for its deception technology capabilities, focusing primarily on breach detection through the use of decoy assets — including credentials — seeded on customer networks. 

The firm had raised more than $54 million in venture funds with that market positioning. However, pure-play deception increasingly has been subsumed as a narrow feature set within broader segments, like extended detection and response (XDR).

As Forrester's David Holmes put it in his analysis of the acquisition of deception player Attivo by XDR vendor SentinelOne in March, "Deception tech, while super cool, was never able to achieve escape velocity on its own, and some of its shining stars are disappearing into portfolios of larger vendors."

Amid that kind of market action, Illusive pivoted.

Entering the ITDR Space

Earlier this year, it repositioned itself as an identity risk management vendor, with the launch of its Illusive Spotlight ITDR platform in February. 

The platform is not that big of a departure from its deception roots — it works hand-in-hand with the deception technology the vendor had developed and sells through its Illusive Shadow product. But the launch of Spotlight gave Illusive leave to reposition itself as a major identity player and go after a market that industry analysts are increasingly promoting as an important component of security programs of the future. 

In March, Gartner named the rise of ITDR as one of the top security and risk management trends for 2022.

"Organizations have spent considerable effort improving [identity access management] IAM capabilities, but much of it has been focused on technology to improve user authentication, which actually increases the attack surface for a foundational part of the cybersecurity infrastructure," Peter Firstbrook, research vice president for Gartner, said in that prediction. "ITDR tools can help protect identity systems, detect when they are compromised, and enable efficient remediation."

In many ways, this deal by Proofpoint mirrors SentinelOne's purchase of Attivo. Forrester's Holmes said at the time that the company was attracted to Attivo's identity capabilities first, with the deception element coming second.

"What acquisitions like this one ultimately mean for security and risk decision-makers is that they can pivot from deploying a stand-alone deception tech product and start evaluating how deception gets paired with one or two key tactical domains such as identity," Holmes wrote at the time.

The Proofpoint purchase of Illusive solidifies that assessment.