ActiveEDR from the Newest Cyber Unicorn

With its recent $200M Series E round, Mountain View-based SentinelOne is now the cyber security industry’s newest unicorn. (The company also raised an additional $120M in a Series D round just a few months ago.) Founded in 2013 by Tomer Weingarten, SentinelOne focuses on endpoint security – with its marketing crosshairs focused on those companies perceived as the main competition: Microsoft, CrowdStrike, and Blackberry/Cylance.

I wanted a deeper look inside this growing firm, so I asked Jared Phipps, VP of Worldwide Sales Engineering, to serve as my tour guide. Phipps took me through the platform design, solution offering, and corporate history – and I must say that the overall picture at SentinelOne looks impressive. In particular, the company has managed to unify the best aspects of modern endpoint security into one autonomous, AI-based platform.

“At SentinelOne, we’ve developed a unique cyber security platform that combines patented behavioral artificial intelligence with the industry’s first unification of endpoint protection (EPP) and endpoint detection and response (EDR),” explained Phipps. “We describe our solution as ActiveEDR to draw contrast with more passive EDR solutions that rely on human beings to parse through information stored in databases to find indicators.”

The flagship SentinelOne offering is called Singularity, an XDR platform supporting endpoint security tasks related to prevention, detection, response, and hunting across the enterprise, IoT, and cloud workloads. The endpoint protection is achieved using AI algorithms that operate close to the endpoint asset. This allows behaviors to be autonomously examined and proactively mitigated without the need to stream log output to a database for human analysis.

The endpoint solution includes a managed overlay called Vigilance, which has an average “time to resolution” of 22 minutes, and the platform also extends to emerging IoT devices. “The SentinelOne Ranger solution is designed to reduce the risk of malware being exploited on IoT devices such as printers,” explained Phipps. “We support automated hunting for rogue devices in an enterprise network, with the goal of enforcing security policies on all devices and protecting the enterprise from threats originating from IOT devices.”

As a TAG Cyber industry analyst, my task is to identify and highlight for you the salient aspects of companies such as SentinelOne to assist in your own understanding, and eventual source selection. Sometimes, this involves identifying and sharing a unique corporate back story, perhaps belonging to the founder. Other times, it involves pointing out patents for game changing inventions, perhaps based on work in academia.

But for SentinelOne, the most important aspect of their solution involves the integration of many features into one platform including autonomy, artificial intelligence, IoT security, and obviously endpoint security. The autonomous AI enables ActiveEDR – and this goal of assisting the human hunter and driving automated response and recovery capabilities seems attractive. SentinelOne describes this as “having a SOC on every endpoint”. I would expect other vendors to begin using the term ActiveEDR as well.

The competition in endpoint security is tough – and as mentioned above, having competitors such as Microsoft, CrowdStrike, and Blackberry/Cylance is no picnic. CrowdStrike, in particular, emphasizes the use of automation near the endpoint to assist in the hunt task with pre-trained agents that utilize AI for detection. So, even with a fresh $200M in the bank, SentinelOne will have to invest wisely and continue to innovate aggressively.

That said, it doesn’t require going far out on a limb to predict good things for this company. In a recent TechCrunch article, Tomer Weingarten is quoted as having said in an interview that an IPO “would be the next logical step” for SentinelOne. Regardless of what the company decides, the influx of investment, which is expected to more than double headcount in the coming years, should push SentinelOne toward continued accelerated growth.

If you are concerned with endpoint security – and if you work in an enterprise, this should be a foregone conclusion – then I strongly recommend that you include SentinelOne high up in your source selection planning. The company is the real deal, and I think time spent with an executive such as Jared Phipps will be wisely invested. As always, after you speak with SentinelOne, please let us all know what you learned.

I look forward to hearing from you.