6 min Security

SentinelOne acquires PingSafe and takes big step in cloud security

SentinelOne acquires PingSafe and takes big step in cloud security

CNAPP from PingSafe fits seamlessly into SentinelOne’s existing cloud security offering, bringing an innovative Offensive Engine to market. The combination of the existing SentinelOne platform and PingSafe should create less noise for SOC staff and security teams. The eventual integration into SentinelOne’s Singularity platform will provide greater visibility and, ultimately, insight.

SentinelOne has already made a name for itself as an EDR and then XDR platform. By integrating with the Singularity Security Data Lake and adding Purple AI, it can extract more and more insights from telemetry and other security data residing in that datalake. In the area of cloud security, however, there was still something to be gained. SentinelOne did make strides here, especially in the areas of Cloud Workload Protection and Cloud Data Security. However, it did not yet have a full-fledged CNAPP, or Cloud Native Application Protection Platform. That is changing today. SentinelOne just announced they acquired PingSafe in a cash and stock deal.

CNAPP is table stakes

A CNAPP is not hugely exciting or innovative these days, you might think. After all, there are already a lot of providers on the market. Whether it is a big player like Palo Alto Networks, slightly less big players like CrowdStrike and Zscaler or relatively small ones like Wiz and Orca Security, they all offer something they market as CNAPP. There are differences, by the way, in what security companies call a CNAPP, as CNAPP is an umbrella term for several other components. These include Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP). Not all CNAPPs offer the exact same features and components.

It would take us too far here to fully analyze the various CNAPPs. However, the observation that there are significant differences in the available offerings is a good bridge to what makes PingSafe so interesting to SentinelOne. The company already offers Cloud Workload Protection, so it could also have chosen to develop the CSPM component itself. SentinelOne certainly considered the latter, CPO and CTO Ric Smith admits when asked about it. Since there have already been competitors successfully entering the market in the past year and a half, it was smarter to make an acquisition.

Why PingSafe?

Acquiring a CNAPP platform was seen by SentinelOne as the best strategy. Why is SentinelOne buying a small start-up that has only been out of stealth for six months and thus still has everything to prove?

The first part of the answer to the above question has to do with the people behind PingSafe, especially its CEO, Anand Prakash. He may have started PingSafe in 2022, but he has an impressive resume. Worldwide, he is one of the top five white hat hackers. He has directly and indirectly “helped over 400 companies build secure systems, especially as they transitioned to cloud computing,” Smith said. So he has a lot of experience in cloud security. That must be reflected in PingSafe’s CNAPP.

Excellent start in the market

It is also worth noting that although PingSafe is still a small player, in that six to seven months they have been on the market they have already managed to sign up some great customers. “PingSafe is winning customers over large incumbents due to our innovative approach to addressing cloud security,” states PingSafe CEO Prakash in conversation with us. This early success has also allowed PingSafe to “to adapt and innovate more quickly than larger players in the market” he continues. That’s one of the benefits of being a smaller company without any legacy to worry about.

A second part of the answer to the question of why SentinelOne chose PingSafe is that its hacker background created a fundamentally different product. Thanks to this background, “they [the founders of PingSafe, ed.] recognized the shortcomings of existing cloud security solutions and developed a unique approach to address this by bringing an attacker’s mindset to the problem,” according to Rob Salvagno, SVP Corporate Development at SentinelOne. Smith endorses this as well. He states that SentinelOne has experiences as a customer of both Wiz and Orca Security. “When we assessed PingSafe, it revealed risks the others had missed, demonstrating its effectiveness and solidifying our decision to choose them,” he states.

Less noise through Offensive Engine

So the founders’ hacker or attacker mentality has a fundamental impact on PingSafe’s CNAPP. This is a completely different beast from anything else available on the market, we hear. Most prominent is the Offensive Engine, or Offensive Security Engine. With it, PingSafe simulates actual attacks. This is not just about Attack Paths. That’s something you see pretty much everywhere in this segment of the security market. This is about the routes that are actually dangerous. After all, there are all kinds of attack paths that are only dangerous in theory. What you want is to filter the Exploit Paths out of those. That’s what the Offensive Security Engine does.

Assuming that PingSafe’s Offensive Engine is successful (and we have no reason to believe it isn’t), this approach yields many benefits. In general, it makes risk analysis a lot easier. The security team no longer has to chase all the Attack Paths. “This is about distinguishing the vital signals from the irrelevant noise,” Smith summarizes. This is very important given the increasing threats in the cloud and limited resources.

More visibility through integration into SentinelOne Singularity platform

Less noise is definitely beneficial when it comes to cloud security. In addition, the integration of PingSafe CNAPP makes the SentinelOne Singularity platform much more powerful than it already is now. SentinelOne has already done quite a bit in the area of cloud security recently. The partnership with Snyk that the company announced at OneCon in November is a good example. With the integration of PingSafe, however, it is taking a big step within its own platform when it comes to cloud security.

Such a big step is of course of interest to SentinelOne itself. After all, it now offers more functionality within its own platform. This, by the way, is not to say that the partnerships with Wiz and other CNAPP players will be terminated. Those will continue to exist. However, SentinelOne can now offer customers more overview and insight within its own platform. Especially once the integration is fully done in about a year’s time (that is the plan, at least). This allows a CISO to shorten the vendor list. That’s interesting for two reasons, according to Smith: “simplifying operations and negotiating better deals through larger purchases with a single vendor.”

Finally, it’s also worth noting that simplifying operations also brings higher user-friendliness. That’s not insignificant either. There is a shortage of good people in cybersecurity as it is, and a more user-friendly platform also is a more efficient platform. The insights from the platform as a whole also become more useful to security teams. PingSafe’s CNAPP is now part of the bigger picture at SentinelOne, the Singularity Operations Center. That’s a holistic approach, which we recently wrote an extensive article about (see link below). That approach has become even more holistic with today’s acquisition.

Also read: SentinelOne XDR platform and Security Datalake get Gen AI boost