For a company on a growth tear like SentinelOne, the fact that Google, and not Microsoft, will be acquiring one of its major partners is just one of the things that co-founder and CEO Tomer Weingarten counts as a blessing.
While still a small player in endpoint security compared to rivals CrowdStrike and Microsoft, SentinelOne is a challenger they can’t ignore. Revenue surged by 109% during the cybersecurity and data analytics vendor’s latest quarter, reaching $78.3 million — a pretty nice growth rate for a nearly decade-old, publicly traded company.
Its initial public offering last year, meanwhile, valued the company at $8.9 billion and remains the largest cybersecurity IPO ever. There are indications SentinelOne is gaining ground in the endpoint security market faster than any major vendor.
The company got some potentially unhelpful news in February, though. On the same day that SentinelOne announced a partnership with prominent incident response provider Mandiant, Bloomberg reported that Microsoft was in acquisition talks with the cybersecurity powerhouse. That combination would have raised questions about whether Microsoft would prioritize the use of its own endpoint security tools by Mandiant, potentially complicating SentinelOne’s relationship with Mandiant just as it was getting off the ground.
In an interview with Protocol, Weingarten weighed in on Google's eventual deal to acquire Mandiant. He also spoke about the growing enterprise acceptance of AI/ML for security, the central role of extended detection and response (XDR) and why ransomware is more solvable than many realize.
This interview has been lightly edited for clarity and brevity.
You’ve been a public company for more than a year now. Who do you see as your main competitors at this stage, and what is your biggest differentiator from them?
In the endpoint market, clearly it’s Microsoft and CrowdStrike. They're out there with solid products, solid offerings. If you look at what we do differently — which goes back to our roots — it’s that we wanted to build a fully autonomous platform that would actually detect and disrupt attackers in real time, with no human intervention. That's how we designed our platform. We knew it could only happen on the back of monitoring every workload in the enterprise environment, and we started with endpoints. Then we apply artificial intelligence or machine learning to create real-time responses that are based on algorithms, not based on humans trying to sift through alerts.
Endpoint protection is obviously our core market. But we also have cloud workload protection as an adjacent surface in the enterprise. Then we also have identity protection, which comes off the back of the acquisition that we just did of Attivo Networks. So we play in three different [markets] within security. We also have a complete data analytics [offering] with nearly 400 customers.
In terms of Microsoft, how do you see its growing focus on its own security business impacting the cybersecurity industry?
I think their strategy doesn't serve the security industry, and security, period. I think that if they took the amount of effort that they're putting on building security products for revenue-generating purposes, and they put it into actually solving for vulnerabilities, improving their own product security — we would all be in a much, much better place.
You’re not unbiased, of course.
Even before Microsoft came into endpoint security, in earnest, I was saying the same thing [about Microsoft vulnerabilities]. Back then, I think we saw the same things.
Given your partnership with Mandiant, would it have been a concern for you if Microsoft had been the winning bidder for Mandiant, instead of Google?
We work with 150 different incident response providers. So Mandiant is just one of them. We have KPMG, we have Kroll. We're the technology stack that enables them to deal with breaches. All in all, I'm just glad for the Mandiant team, that they'll be able to scale their business and what they're doing.
[But] another way of looking at it is, just look at how Google is treating that acquisition. Basically they're saying, "Mandiant is here to work with all security providers." I'm quite certain that if Microsoft had acquired Mandiant, that's not the message that you would hear. It would be much more of a closed-garden approach.
You mentioned your AI-focused approach as a differentiator from your competitors. What benefits does SentinelOne’s use of AI/ML bring to security teams?
We have very robust, automated technology that we built over time. And it translates into disrupting and preventing threats, not just responding to threats. I think [threat response] is where you see some of our competitors. That was their focus over the years — building a better response mechanism. With us, you can get rid of your incumbent antivirus, you can get rid of the stack that you had before. And this system that we're giving you does it all. It puts a large emphasis on deflecting attacks autonomously with technology. So to me, this will remain as one of our core differentiators.
Then you can go and really look at the breadth and depth of the platform, [which has] 25 different modules, for everything from endpoint security to endpoint management to mobile security. It's a very broad-based solution. And that in itself is already painting a very different picture for the buyer in the enterprise. Buyers today can buy some of these components from [other vendors], but it's not a holistic platform that does the work for you. Those are components that you're going to have to figure out how to use together. For us, we just tried to put a cohesive fabric in your enterprise. And so far, it's been showing a lot of success.
I hear a lot about the fact that many security practitioners are now very skeptical about AI. What would you say to the AI skeptics out there?
I agree that AI and ML have been completely overhyped. [There’s been] this very romanticized view of what AI and machine learning is — like, a robot doing everything for you. That's not really the case. But when we talk about operationalizing AI and machine learning, I think that cybersecurity is one of the two areas in our life today that is seeing meaningful [results]. Cybersecurity and [autonomous driving technology] are the two areas in operationalized standalone machine learning that are actually delivering some tangible outcomes.
And in cybersecurity, that tangible outcome is the algorithms are able to discern whether something is bad or good, in such a high accuracy level, that they can also take the action. They can also stop something, or allow something else. Let's not get too romantic about it — AI is just the ability to have an algorithm that understands anomalies and is smart enough to make a decision. If it's “operationalized,” that means it's accurate enough. It can actually work. In our case, we secure three of the Fortune 10 and some of the most critical infrastructure out there — [including] federal agencies. And if you think about it, what they're trusting to make all these decisions — what gets in, what doesn't get in — they're trusting the algorithm.
What’s the ultimate potential for this technology?
It's just the beginning. A new paradigm is really needed. And that paradigm really is a very natural evolution of what we've done in EDR [endpoint detection and response] [around securing] laptops and desktops and virtual devices. Now, our job is to extend that to every asset that you have in the enterprise, to allow you to really reimagine your network via the monitoring of all of these devices. And if you can apply machine learning at scale, for every part of the enterprise, and get full visibility of all the assets that you have — that to me is the holy grail of how you reimagine the network.
So you’re talking about XDR?
XDR is the foundational technology and stack that would allow you to gain that control over all of these devices. And then, once you see them — once you get the telemetry, once you know what's in your network — the next step is [to] apply machine learning at scale, so you can now control these devices and protect these devices.
What could this type of approach mean for the battle against ransomware? Is ransomware actually fixable in your view?
I think it's a fixable problem. I think it's also probably a decade-long problem to fix. It will take quite a bit of work. You need to restart your network. You need to enroll your devices and your workloads into something new. [But] we're giving people more and more tools, so they can have that fresh start. That's probably one of the only ways to deal with all the different gaps in the modern network.
I also think that we did make a dent — all of us collectively — in ransomware. Because we changed the M.O. for ransomware out there. Ransomware is now less about shutting down devices. It's more about data exfiltration. So, the attackers have also shifted what they do and how they do it. Because, especially for more modern EDR environments, it's just become tougher to actually encrypt devices and shut down devices. So now they're focused on the user angle. Now they're focused on trying to socially engineer users, and just go after credentials, not after machines — and then exfiltrate data and hold that data hostage, not the machine hostage. Which is a big difference from where it was a year or two years ago.
Looking ahead, what’s on your mind when it comes to the worsening outlook for the economy, and what it could mean for SentinelOne?
In many cases, we sell a complete modernized stack to actually replace the legacy stack and the on-prem stacks that enterprises have. When you buy something from a company like ours, in many cases that actually leads to cost reduction. While it translates to spend with us, it does also translate into cost-saving for a lot of these enterprises. So when you look at some of these folks out there, even in a more tough macroeconomic state, they’re still looking to save, they’re still looking to find ways to reduce cost on data processing.
Obviously, data processing has grown exponentially. The amount of data that needs to be collected and stored for longer periods of time has accelerated significantly. The solutions that were there to house all that data were architected 10 or 15 years ago. Today, you can just opt to [buy] much more cost-effective solutions to house that data. I think a lot of the enterprises are also looking to the next generation of solutions as a means for cost reduction and better efficiency in their own respective businesses. That's obviously very positive for us.