SentinelOne XDR enables growing list of top incident response firms

Did you miss a session from the Future of Work Summit? Head over to our Future of Work Summit on-demand library to stream.

SentinelOne today announced it has expanded the ranks of its incident response partners with a prominent addition, KPMG, which is utilizing the vendor’s Singularity XDR platform to bring greater automation to its cyber investigations for customers.

SentinelOne told VentureBeat that it now has more than 130 incident response (IR) partners in total, up from 29 at the beginning of 2021. The cybersecurity firm — which went public last June and has a market capitalization above $11 billion — began providing technology to enable IR partners in 2020. Other major IR partners for SentinelOne include Kroll, Alvarez & Marsal, and Blackpanda.

KPMG’s cyber practice employs 550 security professionals in the U.S. and 5,000 globally, and the firm has been using SentinelOne’s extended detection and response (XDR) technology to aid its investigations of data breaches. In particular, XDR technology from SentinelOne’s acquisition of Scalyr last year has proven to be a “game changer” in terms of automating and accelerating KPMG’s IR work, said David Nides, principal for cyber response services at KPMG.

The Scalyr XDR technology brings capabilities for rapidly ingesting and correlating data from endpoints, making it possible for IR investigators to more easily search and query the data, according to SentinelOne and KPMG.

The technology provides “everything in a centralized location for you to query — and to ultimately answer the questions that need to be answered,” Nides told VentureBeat. “How did the attackers get into the environment? What type of unauthorized activities did they perform? Did they remove anything from the environment? For all of those really concerning types of questions — we’re able to get better information, and get it faster.”

Growing the ranks

KPMG became an IR partner of SentinelOne last July, though the partnership was not disclosed until today.

Along with KPMG, IR firms that became SentinelOne partners during the second half of 2021 included BlueVoyant, Orange Cyberdefense, Sopra Steria, Dubex, and UMB AG.

Revenue from IR partners grew four times last year, compared to the year before, said Nicholas Warner, chief operating officer at SentinelOne.

“We made a strategic decision a few years ago to totally focus on being a solution and technology provider, not a services firm,” Warner said in an interview with VentureBeat. “And so what these large firms, like a KPMG, can be totally assured of is, we’re not competing with them. We’re enabling their business. We’re focused on delivering the right technology for them to supercharge their own incident response and other security services.”

SentinelOne’s Singularity XDR leverages AI and machine learning technologies to provide threat mitigation and remediation, as well as ransomware rollback.

“Really what makes us different, from a usability perspective, is that we’re far more autonomous,” Warner said. “What we’ve built relies much more heavily on machine learning than any other technology in the space. And what that means is, we require a lot less human intervention.”

While less than 5% of organizations are using XDR today, that’s expected to climb to 40% by 2027, according to a recent report from Gartner.

Along with SentinelOne, XDR vendors listed by Gartner in the report include Check Point, Cisco, CrowdStrike, Cybereason, Microsoft, Palo Alto Networks, Sophos, and VMware. The report also mentions McAfee Enterprise and FireEye, which merged in October and rebranded as Trellix last week, with the stated goal of focusing on the XDR market.

‘Hyper fast’ analytics

When it comes to SentinelOne’s XDR offering, technology from Scalyr is now at the core, he said. Scalyr — which SentinelOne acquired in February 2021 for $155 million — was not originally focused on security, however.

Scalyr was founded by Google Docs creator Steve Newman, and developed a cloud-native data analytics platform focused on log management and observability. “They weren’t security specialists [but] we felt it was really the best-performant data analytics platform in the space,” Warner said.

After spending several quarters integrating the Scalyr technology, the SentinelOne XDR is now powered by Scalyr’s “unbelievably powerful and hyper-fast analytics platform,” he said. “Especially as it relates to IR, that really is what makes it go.”

The platform automates the collection of forensic artifacts — digital traces such as browser histories, downloaded files, and event logs — then streams the output into a data lake, where it can be searched and queried as part of a breach investigation.

Increased automation

At KPMG, bringing automation to this process helps to scale the firm’s collection and review of artifacts, Nides said.

The capabilities are critical for investigations of companies that hadn’t been using an endpoint detection and response (EDR) tool, he said. The Scalyr-powered SentinelOne XDR platform essentially allows investigators to “go back in time to answer these really important questions,” Nides said.

While a growing number of vendors have begun offering XDR, when it comes to IR use cases such as this, Nides said that the SentinelOne platform with Scalyr’s technology is the first truly “commercial” version of the capability that he’s seen.

The bottom line for KPMG, Nides said, is that the technology is helping the firm to “do more incident response.”

“There’s a war for talent. And as important as people are in this process—I don’t think you’re ever going to entirely be able to replace people [in IR]—it’s about doing more with the people that you have,” he said. “Having technology and automated processes like this just allows us to take on more engagements.”

VentureBeat

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Source: Read Full Article