SentinelOne CEO wants to prove that things can (and should) be different in the security industry

What makes SentinelOne different?

Insight: SentinelOne

SentinelOne CEO wants to prove that things can (and should) be different in the security industry

Tomer Weingarten: “The goal is not to become the largest security company in the world. I do want to prove that it is possible to build a company differently.”

SentinelOne’s founder and CEO, Tomer Weingarten, does not want to focus only on growth and making a profit, but wants to build a company that is true to the mission he set for it. “Which is very simple,” he states, “We want to secure and protect everyone.” Then things like market value, revenue and profit don’t always come first: “I would like to establish a different kind of company, with goals that go beyond just revenue and profit.”

A broken industry

We don’t hear the above approach every day, even though these days there is more and more to do around what you might call corporate responsibility. At least at first glance, many other companies, including those within cybersecurity, take a different approach. In particular, companies that have not yet gone public seem intent on reaching a certain market value as quickly as possible before their IPO. This may even be postponed until the desired market cap is reached.

The focus on market value not only comes from the security companies themselves. They more or less have to to this, if the want to raise enough funding from investors every investment round. After a company goes public, there are the shareholders and analysts to keep happy. The market more or less owns the companies. In order to satisfy the market companies can acquire other companies. Those acquisition add to the value of a company, but they don’t always make sense to an objective observer.

SentinelOne is different

Weingarten doesn’t really want to play by the rules we describe above. Sure, he has a certain degree of obligation to shareholders, his own people and the market, but beyond that he is not really all that concerned with it. SentinelOne notices this almost every time the quarterly figures are released, by the way. These rarely generate much enthusiasm among shareholders and analysts.

The lack of enthusiasm about the figures is not based on the quality of SentinelOne’s products and services. It would surprise us if that were the case. The Singularity Platform and the services SentinelOne has built around it are rated high to very high without exception, by analyst firms, at the MITRE ATT&CK Evaluation, but also certainly by end users. For example, after the acquisition of PingSafe, SentinelOne’s CNAPP solution gets the highest score on G2, by end users.

FedRAMP High

In addition, the SentinelOne Singularity Platform is also currently the only XDR/EDR/EPP platform that has the highest possible FedRAMP certification (High, or High Authorization). This means that the U.S. Government can use the Singularity Platform, also in more security-sensitive environments. Solutions that have this certification can handle (very) sensitive data even in (very) sensitive environments. FedRAMP High is still pretty special for a security solution at this point. If we filter for this in the FedRAMP Marketplace, we come up with no more than 18 solutions from 15 vendors.

No competitor of SentinelOne seems to be actively pursuing a FedRAMP High procedure at this time. Crowdstrike Falcon does appear in the FedRAMP Marketplace with the designation ‘Ready,’ meaning that the process could start. It then has to go through ‘In process’ to get to ‘Authorized’. That company will no doubt have other priorities at the moment, after what happened on July 19 of this year. Since the process can easily take two years, they were later than SentinelOne anyway.

When we ask Weingarten if he doesn’t find it annoying that SentinelOne gets so little appreciation from financial analysts and investors every time, despite its excellent numbers, performance and certifications, he says he doesn’t care as much as you might expect. “I use it as fuel,” he indicates. “We’re also one of the fastest growing companies, so it’s just a matter of time before no one can ignore us,” he predicts.

SentinelOne could become the biggest

The above reaction to how a specific part of the market looks at SentinelOne is indicative of the person Weingarten is. He has a vision in his head of what he thinks a security company should look like, and follows that vision regardless of what others think of it. He also gives very few interviews to further explain this vision. The results should eventually reveal whether it is and was the right vision.

SentinelOne is not an everyday security company when it comes to its CEO, that much is clear. That doesn’t mean he wouldn’t like to make the company the biggest security player in the world. He says as much during his keynote at OneCon 2024: “SentinelOne is well positioned to become the next cybersecurity mega-company. The impact we have is second to none and we have clear leadership in many aspects.”

When we ask him about this statement after the keynote, he has a slightly more nuanced view. Just because SentinelOne is well positioned to become the biggest, it does not mean that it necessarily should and will be. “The goal is not to build the largest security vendor. What I do care about is being able to prove that it is possible to build a company differently,” he indicates. Here again, he is referring to the overall approach we described above and the pledge that comes with SentinelOne.

What needs to happen now in the industry and marketplace?

Having a vision is one, turning it into actual products, services and thus revenue is another. That’s something SentinelOne does just fine, we have already observed. However, Weingarten also sees some challenges, which players like SentinelOne must solve. Chief among these is that virtually all organizations use (very) outdated infrastructure. “However, there is no ‘let’s stop and rebuild’ moment in the industry and there isn’t going to be one,” he outlines the problem. In other words, trying to get organizations to buy and build entire new stacks is not the way to go.

So what needs to happen? “First of all, there needs to be a layer that sits over all the existing infrastructure,” according to Weingarten. That’s the only way you can test whether what is connected to a network is actually secure. “If it’s not connected to it, it has to be verified first.” That’s what SentinelOne now wants to accomplish with AI SIEM. AI SIEM is actually the unification of Purple AI and the Singularity Data Lake that SentinelOne has been working on for the last few years.

At first glance, AI SIEM seems to be a label for bundling together two different parts of the SentinelOne platform. However, we would be selling it a bit short if that was our only conclusion. “To make and keep SIEM effective today, it has to be real-time,” Weingarten points out. When something new appears in an organization’s environment, a solution must evaluate it immediately. That has to be in real time, or you’re already too late. That makes AI SIEM substantially different from what is already for sale in this area today, and it also makes AI SIEM more than the sum of its Purple AI and Singularity Data Lake parts.

Having and keeping focus

The move toward security platforms and layers on top of existing infrastructure sounds logical, but security vendors need to get it right and handle it wisely. There are some players in the market who believe they have to offer everything themselves in their own platform. That in itself is a valid point of view, but the question is how tenable it is. Often those players achieve this through acquisitions and mergers. We have seen several such developments in the SIEM world over the last year.

According to Weingarten, who is obviously not objective when it comes to how the industry should do things, that is not the right approach. “You need a very open platform,” he believes. In the end, it’s all about the data anyway. “We don’t need to build a firewall to be able to use the data from firewalls,” he gives as an example. He also realizes that SentinelOne’s platform has to make do with the data it gets. If there are vendors that do not want to give third parties the full data set, because they are pursuing a more locked-in approach, SentinelOne has to make do with what it does get. That’s a danger of this approach. On the other hand, if the movement toward more openness in platforms wins the hearts and minds of the customers, those vendors may not get away with that approach any longer.

One of the reasons Weingarten feels confident that a locked-in platform approach does not work, is the list of vulnerabilities that many of the big platforms have. New ones are added to it every week. “Those are there because those competitors have lost focus,” according to him. For him and SentinelOne, it is important that all the components it offers itself are best-of-breed. The rest goes through integrations. Other players in the market buy all kinds of (old) inventory from other companies. This inventory was and is by no means always best-of-breed. They then integrate it into their own platform, with all the legacy and vulnerabilities that go with it.

Finally, Weingarten targets Microsoft. That, of course, is the ultimate example of a huge platform. However, it is also a very big target for attackers. Based on what has happened in the past year alone, it is safe to say that the security of that platform is far from in order. Yet organizations continue to cling to that platform because it is so deeply woven into everything they do. “The power that Microsoft has is very corruptive”, he says. We really need to get rid of that power as soon as possible.

Big challenge for SentinelOne

It will not be easy for SentinelOne to beat the major platforms. However, Weingarten is determined to keep doing it this way. Not only because of the quality of the platform SentinelOne offers, but also certainly because of how that fits the day to day realities that companies face. He is so confident in what he and his people have built that he has no doubt it will succeed. “Ultimately, people have to try and judge us,” he says. He is confident that that assessment will be positive, that much is beyond question.

Also read: SentinelOne brings autonomous SOC one step closer