a. SentinelOne 101
Endpoint:
SentinelOne's endpoint security business is the crown jewel of its overarching Singularity Platform. It has historically specialized in small-and-medium-sized business (SMB) clients and is expanding upmarket.
Endpoint Detection and Response (EDR) provides continuous monitoring and protection of endpoints. It uses platform data and insights to find, triage and remediate observed threats. The agent is lightweight and highly autonomous, which keeps the work efficient and interoperable. Because telemetry is shared openly across the platform's modules, coverage and product quality improve across the board; that drives cross-selling and enables expansion into adjacent security niches. SentinelOne also offers Extended Detection & Response (XDR), which is essentially EDR that ingests a wider range of data (cloud, identity and other sources) to extend detection and response beyond the endpoint alone.
Data:
Endpoint (and every other product category) is heavily reliant on access to large volumes of relevant data. With this in mind, SentinelOne offers a complementary data analytics platform called Singularity Data. It is the sidekick for everything SentinelOne sells: it collects data once, from many sources, and reuses that data across several use cases. Its Data Lake is the repository into which all of this data is ingested. Its Security Information and Event Management (SIEM) offering uses that streamlined data to derive new insights and patterns, improving security observability, speeding up root-cause analysis and improving outcomes. SentinelOne claims its SIEM provides superior query speed and cost versus alternatives.
Data Lake + SIEM form its Security Operations Center (SOC) foundation. Like Palo Alto Networks, SentinelOne wants to be the SOC operating system: the client's central vendor of record, providing an end-to-end operational view and ample remediation capabilities.
Like MongoDB, Snowflake and other enterprise software firms, SentinelOne helps with data modernization and migration. That gets it paid directly and is also a prerequisite for platform-level adoption. Here, SentinelOne can prepare unstructured data to power migrations without unconditionally ingesting everything. A pre-SIEM filter cuts irrelevant or malicious data before ingestion; SentinelOne says this lowers storage costs by as much as 80%, naturally makes the SIEM more efficient and scalable, and shortens threat remediation time by 55%. SentinelOne acquired Observo and that firm's modern data pipeline to bolster these capabilities and form what it calls the "AI-ready data pipeline."
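To make the pre-SIEM filter concrete, here is an added example (not SentinelOne's or Observo's code) of the three steps such a pipeline performs before anything reaches the SIEM: normalize events from heterogeneous sources onto one schema, drop known noise, and collapse repeats within a time window. The sample lines, the noise rules, the field names and the 60-second dedup window are all constructed assumptions for illustration; the reduction figure it reports is for these sample lines only, not the 80% the vendor cites.

```python
"""Pre-SIEM filter pipeline: normalize, drop noise, dedup, then forward.

Added example, not SentinelOne's or Observo's code. Sample input, noise
rules, schema field names and the dedup window are assumptions.
"""
import hashlib
import json
import re
from collections import Counter

# Constructed sample input: JSON events from an EDR/app agent mixed with
# syslog-style lines from a load balancer and an SSH host.
SAMPLE_LINES = [
    '{"ts": 1, "src": "edr", "level": "info", "msg": "heartbeat", "host": "ws1"}',
    '{"ts": 2, "src": "edr", "level": "info", "msg": "heartbeat", "host": "ws1"}',
    '{"ts": 3, "src": "edr", "level": "alert", "msg": "process injection", "host": "ws1"}',
    "<13>Jan 1 00:00:04 lb1 nginx: GET /healthz 200",
    "<13>Jan 1 00:00:05 lb1 nginx: GET /healthz 200",
    "<13>Jan 1 00:00:06 lb1 sshd: Failed password for root from 203.0.113.5",
    '{"ts": 7, "src": "app", "level": "debug", "msg": "cache miss", "host": "api1"}',
    '{"ts": 8, "src": "edr", "level": "alert", "msg": "process injection", "host": "ws1"}',
]

# <PRI>Mon DD HH:MM:SS host program: message
SYSLOG_RE = re.compile(r"^<\d+>(\w{3}) +(\d+) (\d\d):(\d\d):(\d\d) (\S+) ([^:]+): (.*)$")


def normalize(line):
    """Map a raw line from any source onto one schema: ts, src, host, level, msg.

    JSON events carry an epoch-style integer ts; syslog lines are reduced to
    seconds-of-day so both kinds can be compared inside the dedup window.
    """
    line = line.strip()
    if line.startswith("{"):
        ev = json.loads(line)
        return {"ts": int(ev["ts"]), "src": ev["src"], "host": ev["host"],
                "level": ev.get("level", "info"), "msg": ev["msg"]}
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognized line: {line!r}")
    _mon, _day, hh, mm, ss, host, prog, msg = m.groups()
    return {"ts": int(hh) * 3600 + int(mm) * 60 + int(ss), "src": prog,
            "host": host, "level": "info", "msg": msg}


# Assumed noise rules: debug chatter, agent heartbeats and LB health probes
# carry no detection value and are dropped before ingestion.
NOISE_RULES = [
    lambda e: e["level"] == "debug",
    lambda e: e["msg"] == "heartbeat",
    lambda e: e["src"] == "nginx" and "/healthz" in e["msg"],
]


def is_noise(event):
    return any(rule(event) for rule in NOISE_RULES)


def dedup_key(event):
    # The timestamp is deliberately excluded so repeats of one event collapse.
    raw = "|".join((event["src"], event["host"], event["msg"]))
    return hashlib.sha256(raw.encode()).hexdigest()


def run_pipeline(lines, window=60):
    """Return (kept_events, stats). stats counts ingested/noise/duplicate/kept."""
    last_seen = {}
    kept, stats = [], Counter()
    for line in lines:
        stats["ingested"] += 1
        ev = normalize(line)
        if is_noise(ev):
            stats["noise"] += 1
            continue
        key = dedup_key(ev)
        prev = last_seen.get(key)
        if prev is not None and ev["ts"] - prev < window:
            stats["duplicate"] += 1
            continue
        last_seen[key] = ev["ts"]
        kept.append(ev)
        stats["kept"] += 1
    return kept, stats


def reduction_pct(stats):
    """Share of ingested events that never reached the SIEM."""
    return 100.0 * (stats["ingested"] - stats["kept"]) / stats["ingested"]


if __name__ == "__main__":
    kept, stats = run_pipeline(SAMPLE_LINES)
    for ev in kept:
        print(ev)
    print(dict(stats), f"reduction={reduction_pct(stats):.1f}%")
```

The dedup key intentionally omits the timestamp, so a repeated alert inside the window is counted once; the trade-off is that a genuinely new occurrence of the same event within that window is also suppressed, which is why the window should stay short for alert-grade sources.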
Cloud:
- Cloud Native Application Protection Platform (CNAPP). An industry umbrella term for a vendor's full set of cloud security tools; the items below are its components.
- Cloud Workload Protection (CWP). An agent-based, runtime protection tool for cloud workloads that observes malicious behavior. It triggers SentinelOne's automated breach prevention and, if needed, escalates to the Wayfinder team.
- Cloud Security Posture Management (CSPM) reports vulnerabilities and analyzes cloud configurations, flagging improper permissions and poor hygiene. It doesn't stop breaches on its own, but its alerts let runtime tools like CWP do so. AI-SPM extends the CSPM approach to AI apps and models.
- Cloud Infrastructure Entitlement Management (CIEM) offers oversight of access controls and entitlements for cloud assets. It flags where least-privilege principles aren't being followed, so improper permissions can be resolved more quickly.
- It has tight integrations with cloud and storage vendors like AWS, Google Cloud & NetApp.
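The CSPM and CIEM bullets above both come down to reading an entitlement and asking whether it is broader than the principal needs. The added example below (not SentinelOne's CSPM/CIEM code) shows the two checks a practitioner would expect: flagging Allow statements with wildcard actions or resources in an IAM-style policy, and comparing the explicitly granted actions against actions actually observed in use to surface entitlements that could be removed. The policy document, the observed-action set and the severity labels are constructed assumptions.

```python
"""Least-privilege checks over an IAM-style policy document.

Added example, not SentinelOne's CIEM/CSPM code. The policy, the
observed-action set and the severity labels are constructed assumptions.
"""
import json

# Constructed policy in AWS IAM JSON shape, mixing scoped, wildcard and Deny statements.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadLogs", "Effect": "Allow",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-logs/*"},
    {"Sid": "BreakGlass", "Effect": "Allow",
     "Action": "*", "Resource": "*"},
    {"Sid": "Deploy", "Effect": "Allow",
     "Action": ["iam:PassRole", "iam:*"], "Resource": "*"},
    {"Sid": "BucketAdmin", "Effect": "Allow",
     "Action": "s3:*", "Resource": "arn:aws:s3:::app-logs"},
    {"Sid": "DenyDelete", "Effect": "Deny",
     "Action": "*", "Resource": "*"}
  ]
}
""")

# Constructed: actions this principal was actually seen calling (in practice
# derived from CloudTrail or IAM last-accessed data).
OBSERVED_ACTIONS = {"s3:GetObject"}


def _as_list(value):
    """IAM allows Action/Resource to be a string or a list; treat both as lists."""
    return value if isinstance(value, list) else [value]


def _finding(sid, severity, reason):
    return {"sid": sid, "severity": severity, "reason": reason}


def find_overly_permissive(policy):
    """Return findings for Allow statements broader than least privilege permits.

    Deny statements only narrow access, so they never produce findings.
    """
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no sid>")
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if "*" in actions and "*" in resources:
            findings.append(_finding(sid, "critical", "full admin: Action * on Resource *"))
            continue
        for action in actions:
            if action == "*":
                findings.append(_finding(sid, "high", "Action * (every service) on a scoped resource"))
            elif action.endswith(":*"):
                # iam:* is treated as higher severity because it permits privilege escalation.
                severity = "high" if action.startswith("iam:") else "medium"
                findings.append(_finding(sid, severity, f"service-wide wildcard {action}"))
        if "*" in resources:
            findings.append(_finding(sid, "medium", "Resource * (not scoped to specific ARNs)"))
    return findings


def explicit_allowed_actions(policy):
    """Non-wildcard actions granted by Allow statements."""
    actions = set()
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if "*" not in action:
                actions.add(action)
    return actions


def unused_actions(policy, observed):
    """Explicitly granted actions never observed in use: candidates for removal."""
    return explicit_allowed_actions(policy) - set(observed)


if __name__ == "__main__":
    for f in find_overly_permissive(SAMPLE_POLICY):
        print(f"[{f['severity']}] {f['sid']}: {f['reason']}")
    print("unused:", sorted(unused_actions(SAMPLE_POLICY, OBSERVED_ACTIONS)))
```

The granted-versus-observed comparison only considers explicit actions; a wildcard grant cannot be reconciled against usage without expanding it to the service's full action list, which is exactly why the wildcard findings are reported separately and first.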
More on AI Work & SOC:
Purple AI is SentinelOne's AI assistant; the company credits it with lowering the likelihood of a major security event by 60% and with a 338% three-year return on investment for customers. It is similar to CrowdStrike's Charlotte AI in that it detects anomalies, ranks threats, summarizes cases, helps orchestrate remediation and resolves issues. It recently added natural-language threat hunting, so analysts can hunt without hand-writing queries, which further lowers the talent barrier. All of this pushes beginner-level security analysts to much higher levels of capability, and that matters a lot in a budget- and talent-constrained world.
SentinelOne also helps firms use models, apps and agents safely and confidently. It protects companies against improper or unknown AI usage by employees and the risks that come with it, guards sensitive data, and secures GenAI coding agents. The aim is to remove the trade-off between more AI and weaker security. These capabilities came via the Prompt Security acquisition.
SentinelOne recently debuted the "Agentic AI SOC," which builds on its existing SOC by adding new workflow-automation capabilities. Purple AI is the orchestrator, and it plugs neatly into SentinelOne's other products, putting virtually all of a customer's data and security tools in one place. With the AI SOC launch, SentinelOne added autonomous investigations (with real-time logic and dynamic reasoning) that run end-to-end based on prioritized alerts. It also added a Model Context Protocol (MCP) server, giving SentinelOne's own agents and third-party agents a standard interface to the platform's data and actions, which enables more complex and useful workflows.
Managed Threat Detection & Response:
Wayfinder is the name of its Managed Threat Detection and Response (TDR) offering, which combines analyst-based and machine-based protection. Customers get Google's analysts alongside SentinelOne's AI, removing the need to build their own expensive security teams.
Identity:
SentinelOne offers Identity Threat Detection & Response (ITDR) to enforce least-privilege access, uncover improper access and fix it quickly. Its Identity Attack Surface Management (IASM) product is the perpetual permissions monitor, ensuring issues are found and understood sooner. Identity, cloud, endpoint and every other category are delivered through a single console, which drives interoperability, enriches XDR and fosters ease of use.