SentinelOne CEO Tomer Weingarten: Google is a better home for Mandiant than Microsoft

Weingarten also told Protocol that he sees ransomware as a “fixable problem” and that major enterprises are increasingly ready to put their trust in AI/ML.

For a company on a growth tear like SentinelOne, the fact that Google, and not Microsoft, will be acquiring one of its major partners is just one of the things that co-founder and CEO Tomer Weingarten counts as a blessing.

While still a small player in endpoint security compared to rivals CrowdStrike and Microsoft, SentinelOne is a challenger they can’t ignore. Revenue surged by 109% during the cybersecurity and data analytics vendor’s latest quarter, reaching $78.3 million — a pretty nice growth rate for a nearly decade-old, publicly traded company.

Its initial public offering last year, meanwhile, valued the company at $8.9 billion and remains the largest cybersecurity IPO ever. There are indications SentinelOne is gaining ground in the endpoint security market faster than any major vendor.

The company got some potentially unhelpful news in February, though. On the same day that SentinelOne announced a partnership with prominent incident response provider Mandiant, Bloomberg reported that Microsoft was in acquisition talks with the cybersecurity powerhouse. That combination would have raised questions about whether Microsoft would prioritize the use of its own endpoint security tools by Mandiant, potentially complicating SentinelOne’s relationship with Mandiant just as it was getting off the ground.

In an interview with Protocol, Weingarten weighed in on Google's eventual deal to acquire Mandiant. He also spoke about the growing enterprise acceptance of AI/ML for security, the central role of extended detection and response (XDR) and why ransomware is more solvable than many realize.

This interview has been lightly edited for clarity and brevity.

You’ve been a public company for more than a year now. Who do you see as your main competitors at this stage, and what is your biggest differentiator from them?

In the endpoint market, clearly it’s Microsoft and CrowdStrike. They're out there with solid products, solid offerings. If you look at what we do differently — which goes back to our roots — it’s that we wanted to build a fully autonomous platform that would actually detect and disrupt attackers in real time, with no human intervention. That's how we designed our platform. We knew it could only happen on the back of monitoring every workload in the enterprise environment, and we started with endpoints. Then we apply artificial intelligence or machine learning to create real-time responses that are based on algorithms, not based on humans trying to sift through alerts.

Endpoint protection is obviously our core market. But we also have cloud workload protection as an adjacent surface in the enterprise. Then we also have identity protection, which comes off the back of the acquisition that we just did of Attivo Networks. So we play in three different [markets] within security. We also have a complete data analytics [offering] with nearly 400 customers.

In terms of Microsoft, how do you see its growing focus on its own security business impacting the cybersecurity industry?

I think their strategy doesn't serve the security industry, and security, period. I think that if they took the amount of effort that they're putting on building security products for revenue-generating purposes, and they put it into actually solving for vulnerabilities, improving their own product security — we would all be in a much, much better place.

You’re not unbiased of course.

Even before Microsoft came into endpoint security, in earnest, I was saying the same thing [about Microsoft vulnerabilities]. Back then, I think we saw the same things.

Given your partnership with Mandiant, would it have been a concern for you if Microsoft had been the winning bidder for Mandiant, instead of Google?

We work with 150 different incident response providers. So Mandiant is just one of them. We have KPMG, we have Kroll. We're the technology stack that enables them to deal with breaches. All in all, I'm just glad for the Mandiant team, that they'll be able to scale their business and what they're doing.

[But] another way of looking at it is, just look at how Google is treating that acquisition. Basically they're saying, "Mandiant is here to work with all security providers." I'm quite certain that if Microsoft had acquired Mandiant, that's not the message that you would hear. It would be much more of a closed-garden approach.

You mentioned your AI-focused approach as a differentiator from your competitors. What benefits does SentinelOne’s use of AI/ML bring to security teams?

We have very robust, automated technology that we built over time. And it translates into disrupting and preventing threats, not just responding to threats. I think [threat response] is where you see some of our competitors. That was their focus over the years — building a better response mechanism. With us, you can get rid of your incumbent antivirus, you can get rid of the stack that you had before. And this system that we're giving you does it all. It puts a large emphasis on deflecting attacks autonomously with technology. So to me, this will remain as one of our core differentiators.

Then you can go and really look at the breadth and depth of the platform, [which has] 25 different modules, for everything from endpoint security to endpoint management to mobile security. It's a very broad-based solution. And that in itself is already painting a very different picture for the buyer in the enterprise. Buyers today can buy some of these components from [other vendors], but it's not a holistic platform that does the work for you. Those are components that you're going to have to figure out how to use together. For us, we just tried to put a cohesive fabric in your enterprise. And so far, it's been showing a lot of success.

I hear a lot about the fact that many security practitioners are now very skeptical about AI. What would you say to the AI skeptics out there?

I agree that AI and ML have been completely overhyped. [There’s been] this very romanticized view of what AI and machine learning is — like, a robot doing everything for you. That's not really the case. But when we talk about operationalizing AI and machine learning, I think that cybersecurity is one of the two areas in our life today that is seeing meaningful [results]. Cybersecurity and [autonomous driving technology] are the two areas in operationalized standalone machine learning that are actually delivering some tangible outcomes.

And in cybersecurity, that tangible outcome is the algorithms are able to discern whether something is bad or good, in such a high accuracy level, that they can also take the action. They can also stop something, or allow something else. Let's not get too romantic about it — AI is just the ability to have an algorithm that understands anomalies and is smart enough to make a decision. If it's “operationalized,” that means it's accurate enough. It can actually work. In our case, we secure three of the Fortune 10 and some of the most critical infrastructure out there — [including] federal agencies. And if you think about it, what they're trusting to make all these decisions — what gets in, what doesn't get in — they're trusting the algorithm.

What’s the ultimate potential for this technology?

It's just the beginning. A new paradigm is really needed. And that paradigm really is a very natural evolution of what we've done in EDR [endpoint detection and response] [around securing] laptops and desktops and virtual devices. Now, our job is to extend that to every asset that you have in the enterprise, to allow you to really reimagine your network via the monitoring of all of these devices. And if you can apply machine learning at scale, for every part of the enterprise, and get full visibility of all the assets that you have — that to me is the holy grail of how you reimagine the network.

So you’re talking about XDR?

XDR is the foundational technology and stack that would allow you to gain that control over all of these devices. And then, once you see them — once you get the telemetry, once you know what's in your network — the next step is [to] apply machine learning at scale, so you can now control these devices and protect these devices.

What could this type of approach mean for the battle against ransomware? Is ransomware actually fixable in your view?

I think it's a fixable problem. I think it's also probably a decade-long problem to fix. It will take quite a bit of work. You need to restart your network. You need to enroll your devices and your workloads into something new. [But] we're giving people more and more tools, so they can have that fresh start. That's probably one of the only ways to deal with all the different gaps in the modern network.

I also think that we did make a dent — all of us collectively — in ransomware. Because we changed the M.O. for ransomware out there. Ransomware is now less about shutting down devices. It's more about data exfiltration. So, the attackers have also shifted what they do and how they do it. Because, especially for more modern EDR environments, it's just become tougher to actually encrypt devices and shut down devices. So now they're focused on the user angle. Now they're focused on trying to socially engineer users, and just go after credentials, not after machines — and then exfiltrate data and hold that data hostage, not the machine hostage. Which is a big difference from where it was a year or two years ago.

Looking ahead, what’s on your mind when it comes to the worsening outlook for the economy, and what it could mean for SentinelOne?

In many cases, we sell a complete modernized stack to actually replace the legacy stack and the on-prem stacks that enterprises have. When you buy something from a company like ours, in many cases that actually leads to cost reduction. While it translates to spend with us, it does also translate into cost-saving for a lot of these enterprises. So when you look at some of these folks out there, even in a more tough macroeconomic state, they’re still looking to save, they’re still looking to find ways to reduce cost on data processing.

Obviously, data processing has grown exponentially. The amount of data that needs to be collected and stored for longer periods of time has accelerated significantly. The solutions that were there to house all that data were architected 10 or 15 years ago. Today, you can just opt to [buy] much more cost-effective solutions to house that data. I think a lot of the enterprises are also looking to the next generation of solutions as a means for cost reduction and better efficiency in their own respective businesses. That's obviously very positive for us.

