SentinelOne and Google Cloud deepen partnership towards autonomous security

Integrations between security vendors are crucial to getting organizations’ cyber resilience right. SentinelOne and Google Cloud understand that too. Today, the two vendors announced an expansion of their already existing collaboration. What exactly it entails, you can read below.

SentinelOne and Google Cloud are no strangers to each other. SentinelOne is a so-called “strategic endpoint vendor” of Mandiant Consulting. Just last year we reported on a collaboration between Mandiant Threat Intelligence and SentinelOne, resulting in Singularity Threat Intelligence. This gives security teams the combination of the SentinelOne Singularity platform (which includes the company’s well-known XDR solution) and Mandiant Threat Intelligence, in a single environment. It promises these teams end-to-end visibility into the threat landscape. It also provides insights on which immediate action can be taken.

The partnership between SentinelOne and Mandiant gets some significant new momentum today. The two players are entering a new phase of their strategic partnership, as they call it. Where until now it was an integration between SentinelOne and Mandiant Threat Intelligence, it is now an integration between SentinelOne and Mandiant Consulting.

Deeper integration between SentinelOne and Google Cloud/Mandiant Consulting

The above distinction between Mandiant Threat Intelligence and Mandiant Consulting may not seem that important. For us, however, it points to a broader and deeper integration and collaboration. Singularity Threat Intelligence was primarily a one-way street, with SentinelOne accessing Mandiant Threat Intelligence’s data and adding it to its own platform. Today’s expansion comes across as much more of a two-way street. SentinelOne and Mandiant are going to share telemetry between themselves in order to achieve the best security insights.

Certainly in the security landscape, two usually know more than one. This is clear at almost every security event we attend. Virtually every single security company presents numbers that are supposed to show that their solution or platform detects a lot of attacks and threats that other tools don’t. If that is really true, organizations would do well to build in some degree of risk diversification, and not to put all their proverbial eggs in a single basket. However, it’s a lot easier (and probably more affordable) if the security providers themselves take steps in that direction. So the fact that SentinelOne and Google Cloud/Mandiant Consulting are now going to build that out is a good thing.

Purple AI gets a Gemini boost

In addition to sharing telemetry, the collaboration will also allow SentinelOne to get even more out of that data. As part of the collaboration, it also gets access to Google’s Gemini 1.5 Pro and Flash AI models. And that, in turn, fits very well with what SentinelOne wants to achieve with Purple AI (and with the Singularity Platform).

Purple AI is SentinelOne’s “autonomous SOC analyst.” The idea is that Purple AI not only outperforms an AI deployed as an assistant, but also ensures that a SOC becomes accessible to many more organizations. Among other things, that should ensure that the cyber resilience of the market at large is jacked up.

Good steps in the right direction

Without collaborations like the one between SentinelOne and Google Cloud/Mandiant, it is hardly possible, if at all, to set up security optimally. For that, the problems and also the solutions are simply too diverse. Sure, it is possible to handle a large chunk of an organization’s security within a single platform, but no security vendor can and will escape integrations with other security vendors, sometimes even direct competitors. SentinelOne has been rather vocal about this for some time (perhaps also in part because of the bigger size of some of its competitors, but still), and we see more and more vendors in the market doing this. This is a good thing as far as we are concerned, because at least in theory, the organizations that need to be protected are reaping the benefits.