
Redefining Identity Security: Tushar Kothari and ITDR

Over a nine-year period, Tushar Kothari took Attivo Networks from an exciting startup leveraging deception technology to the market leader in Identity Threat Detection and Response (ITDR). Today, as part of SentinelOne, the company is redefining identity security globally.  

“With identity as the new perimeter, identities, credentials and privileges must be secured. Modern organizations need greater ability to prevent attacks, detect live attacks, and reduce the attack surface.”

Tushar Kothari, CEO, Attivo Networks

Just moments before the public announcement that his company Attivo Networks would be acquired by SentinelOne for $616 million, Tushar Kothari was already thinking about the path forward.

Kothari’s leadership as Attivo’s CEO over the previous nine years had helped the company flip the script on network attackers by leveraging deception and protecting identity at scale. His journey to helming the category-defining company, though, had begun over three decades prior. 

“Don’t be afraid to step up to a challenge”

Kothari started his career as a developer in the late ’80s. Tasked with writing software, he was exposed to all aspects of product development. “It taught me a lot about how to design and define products,” he reflects. “I learned how what I was developing could be applied to business.”

Early lessons in focusing on customer feedback

One early lesson came when Kothari was an engineering manager at View Engineering, a pattern recognition and image processing company. While working alongside a tool bit manufacturing partner to develop a product that could detect whether commercial machine tool bits were nearing failure, Kothari pointed out that the innovation would reduce the partner’s revenue, as it would extend the life of the tool bits. The partner company admitted to having no intention of using the technology; they just wanted to patent it so their competitors couldn’t use it either. The dead-end project quickly ended and, in search of the next product to lead, Kothari decided to take a different approach by speaking with customers to hear what they wanted. The experience taught Kothari the power of defining products based on customer needs.

Intrigued by the intersection of technology, business, and innovation, Kothari worked his way up the executive ladder over the next 15 years, holding VP and GM level roles at Cisco, Juniper Networks, Meru Networks (later acquired by Fortinet), and NCR Corporation (now NCR Voyix Corporation). As he helped build and scale software, hardware, and services globally, Kothari gained valuable experience in sales, business development, management, and business operations.

Kothari recalls one pivotal experience early in his tenure at Cisco as a product manager overseeing Cisco Pro, a stripped-down product line designed for channel partners selling to small businesses. Customers, expecting the full Cisco product, complained about its lack of features. Over time, Kothari’s team added features back to meet customer needs until Cisco Pro became identical to the main product line, rendering it obsolete. Kothari proposed that a value-based channel program, in which partners that invested more resources would receive more product discounts, was a better way to manage channel partnerships and segment the market. After pitching the idea to his boss, he stepped up to lead the channel program from $10M to over $4B in revenue. The experience sparked Kothari’s interest in sales, laid the foundation for his promotion up the corporate ladder, and reinforced his passion for providing customers with what they wanted, not telling them what they needed.

Looking back, Kothari sees his path from engineering to executive leadership as a lesson in pushing your limits and keeping things in perspective. “Don’t be afraid to step up to a challenge, even if you are just starting out as an engineer,” he says.  “When you become responsible for a project, always look at the bigger picture as well. That’s what prepares you for a C-level role.” 

Derailing attackers with deception

In 2013, Kothari’s career path took a pivotal turn. Ready to helm a company of his own and build from the ground up after years of enterprise executive experience, the pieces fell into place when he met a small network security startup called Attivo Networks that was pursuing deception technologies. 

The company’s vision sprang to life when Kothari met Venu Vissamsetty, a talented engineer. A meeting with Symantec (now Gen Digital) inspired the pair to build Attivo’s deception technology within the network to detect and derail attackers. Vissamsetty soon got to work building the product. Kothari stepped up to lead the company as CEO and wrote Attivo its first check. With no salary for the first year and his own money invested in the company, Kothari was all in on Attivo’s vision and execution. 

Attivo’s technology sought to detect and disrupt lateral movement and insider threats within networks, meeting a pressing need for companies. The early 2010s were a period of dramatic change and rapid digital transformation, with increasing cloud computing adoption and greater numbers of internet of things (IoT) devices and operational technologies connected to networks. Companies were struggling to adapt and establish security controls to address expanded attack surfaces. Advanced attackers, seeing an opportunity for profit, were breaking into corporate and government networks to deploy ransomware, encrypt data, and demand ransom payments.

At the time, legacy security tools were limited and created false alerts and mountains of data for security teams to sift through. As a result, the average time attackers went undetected in networks was over 100 days.  Attivo Networks sought to address what traditional solutions couldn’t by detecting network attackers as early as possible. As the company analyzed network attacks for their clients, they realized that most were enabled by credential harvesting. Attackers would steal credentials (compromising identities) and escalate privileges to access valuable data. Their discovery reinforced an emerging trend in cybersecurity (one that’s now well-worn): identity was the new perimeter. This insight would inform the company’s product development. 

Kothari describes Attivo’s approach to disrupt attackers with an analogy. “If I come into my house, I already know where my staircase is, where the car keys are, and where I keep the safe. When attackers break in, they have to look around to see where to go and what to steal,” he says. “We were developing capabilities to detect attackers who broke in and give them fake information, leading them away from the real assets.” 

Convincing a skeptical audience

Despite their refined technology, Attivo’s novel idea brought unique challenges over the first few years. Kothari and his team had a hard time convincing enough buyers and investors that their solution was scalable to expanding attack surfaces. Even when customers were convinced by the technology, many were unwilling to admit they worked with Attivo Networks over fears of tipping off attackers and insider threat actors. This was a problem for Kothari. Without shareable customer validation, executing a go-to-market plan would be next to impossible.  

Attivo Networks took a three-pronged approach to address the issue. First, inspired by his time at Cisco, Kothari instilled a culture of saying ‘yes’ to customer requests and a customer-focused product development approach. The company also made a concerted effort to educate stakeholders about the proven benefits of their technology, participating in industry events and working with media publications and respected analysts. Last, they developed a customer reference program to catalyze more recommendations within peer networks. Slowly but surely, Attivo’s reputation began to gain traction.  

Attivo Networks breaks through

Investors started to take notice and in December 2014, the company received a $3 million Seed funding round quickly followed by an $8 million Series A round in April 2015 led by Bain Capital Ventures. Kothari participated in both rounds himself, further investing in the burgeoning company and betting on himself. 

There still wasn’t consensus across the industry, though. The main hangup for customers was still the practicality at scale. Fueled by early-stage funding, Kothari’s team worked through 2015 and 2016 to address concerns with a push to refine their technology based on customer needs and expand their education and reference efforts.  

By early 2017, the efforts had paid off and public perception was reaching a tipping point. Attivo Networks had achieved significant customer growth as more customers moved past experimentation to full budgetary commitment. Respected enterprises with sophisticated security teams including AT&T, Disney, Home Depot, Amgen, Microsoft, and Aflac were now validating Attivo’s technology and approach. The company had developed a full platform with visibility and incident response tools alongside self-learning behavioral deception capabilities.  

Forgepoint Capital (then Trident Capital Cybersecurity), a venture capital firm that had been keeping an eye on deception technologies since 2015, stepped in to offer a partnership. The firm was impressed by Attivo’s technology, core leadership team (assembled by Kothari years earlier), and the favorable reviews from its customers reporting scalable capabilities and easy integrations.  

In May 2017, Forgepoint led Attivo Networks’s $15 million Series B round alongside Omidyar Technology Ventures and Macnica Ventures with the continued participation of Bain Capital Ventures; Kothari increased his own investment in the company as well. The new funding brought an opportunity to fuel global expansion and innovation. With momentum and new partnerships on their side, the Attivo team got to work on their next chapter.  

“Looking at things from the customer’s point of view was the key”

Attivo Networks experienced an explosion of growth over the next few months. Kothari built out the leadership team to include a CFO and Chief Security Strategist as the company separated from its competitors to grab the leadership position in the deception space. Kothari reflects on the company’s success where all others in the category failed. “We thought differently about the product, rapidly iterating and incorporating customer feedback until our technology was rich with features that outperformed everyone else,” he says. “Looking at things from the customer’s point of view was the key.”

New customer and investor interest followed and in October, Forgepoint led the company’s $21 million Series C round with the continued participation of Omidyar Technology Ventures and Bain Capital Ventures, the second funding round in just five months.

By the end of 2017, Attivo Networks had achieved over 300% in revenue growth with increased customer adoption across energy, financial, government, healthcare, legal, retail and technology industries. Kothari reflects on the banner year with a sense of gratitude. “Forgepoint stepped in at a time where we were still vulnerable, giving us the guidance and capital needed to grow the business,” he says. Attivo Networks had crossed the chasm. 

Attivo Networks continued to build out its technology for a global market. Using machine learning, the company developed its platform to adapt to any customer environment, from point-of-sale devices to video surveillance cameras and industrial control terminals. They could now create believable and attractive targets to deceive attackers regardless of the attack surface. “We were not only accurately detecting an attacker’s presence, but also rewriting the rules so they had to be right 100% of the time,” Kothari says.

Attivo Networks had created a new fabric of detection to help security teams protect company networks, reducing both dwell time (how long attackers stay in networks) and breakout time (how long it takes attackers to move laterally). One key development was a new capability securing Active Directory (AD), Microsoft’s popular directory service which was frequently targeted by attackers. It was the first time a company had been able to successfully defend AD without rendering it unusable.  

In June 2019, Attivo Networks closed an additional funding round led by Energy Impact Partners. Kothari and the leadership team used the new partnership to build out the company’s energy sector offerings and utility customer base. The upward trajectory continued.  

“We had given organizations a critical new weapon in their arsenal”

By 2022, Attivo Networks had grown to support over 300 customers including 35 Fortune 500 companies (5 of the Fortune 10 at one point) with a team of over 220 employees. The company was the market leader in the newly defined Identity Threat Detection and Response (ITDR) cybersecurity category. 

Identity had officially become the center of the cybersecurity threat landscape. “We had given organizations a critical new weapon in their arsenal to find and fix credential and entitlement weaknesses – they could detect live attacks in real time,” Kothari says. As cybercriminals increasingly targeted vulnerable credentials to move through networks undetected, Attivo stopped attackers in their tracks.

One of Attivo Networks’s key integration partners, SentinelOne, a market leader in extended detection and response (XDR), had taken notice of the company’s exceptional leadership and capabilities. The partnership set the stage for a major move and in May 2022, SentinelOne completed a $616 million acquisition of Attivo Networks to officially bring identity security to XDR.  

Kothari and his team hit the ground running. “We took advantage of the significant and growing market opportunities within our collective grasp,” he says. “It created a wide range of new opportunities for the entire Attivo Networks ecosystem of employees, customers, and partners.”  

Kothari would go on to lead Attivo as Senior Vice President and General Manager until July 2023, when he stepped away from the company. “I found the whole experience immensely satisfying,” he reflects. “Now I’m taking some time to be thoughtful about my next endeavor. I want to work on something useful and worthwhile.”

“Our innovation has effectively taken away attackers’ ability to move laterally inside the network”

As he thinks back on Attivo Networks’s legacy, Kothari sees things in simple yet powerful terms. “If you think about it, every major attack starts with attackers stealing identities and credentials, before escalating their privileges to harvest information thereafter,” he says. “Our innovation has effectively taken away attackers’ ability to move laterally inside the network.”