The CEO and Co-Founder of SentinelOne spoke with AMEinfo to shed light on the startup, which recently achieved unicorn status, as well as the greater cybersecurity industry.
After securing $200 million in a Series E funding round last month, pioneering endpoint protection firm SentinelOne finally achieved unicorn status after being launched in 2013. Realizing a gap in the cybersecurity of endpoints in enterprise networks, CEO and Co-Founder Tomer Weingarten created the company with a like-minded group of defense and intelligence experts to develop a dramatic new approach to endpoint protection, one that applies AI and machine learning to thwart known and unknown threats.
AMEinfo had the opportunity to speak with Weingarten, who discussed the growth of SentinelOne into one of the premier names in the cybersecurity field after just 7 years, as well as the intricacies of the $8 billion endpoint market today.
1. Can you tell us briefly about the origins of your company and the market issues you first sought to address?
SentinelOne is the only cybersecurity solution that encompasses prevention, detection, and response capabilities across endpoints, containers, cloud workloads, and IoT devices in a single, completely autonomous platform. With SentinelOne, organizations gain full transparency into everything that is happening across the network at machine speed -- to defeat every attack, at every stage of the threat lifecycle -- replacing traditional antivirus solutions.
We formed the company because enterprises were shackled by traditional antivirus products which didn’t work, took away employee productivity, and took too many people to manage. It was time for disruption. Our goal was to help enterprises, for the very first time, defeat attacks, not just some of the time, but all of the time. This vision enabled us to develop the industry’s first unified EPP and EDR solution where we not only prevent and predict attacks but also built patented behavioral AI for autonomous detection and remediation capabilities if something can’t be identified pre-execution. This was and is revolutionary. With SentinelOne technology, each endpoint can make decisions for itself and even recover from attacks in real time.
As we evolved and grew, we built in a depth of capabilities such as Deep Visibility threat hunting and enterprise management capabilities. In our latest releases, we extend our technology beyond the endpoint to IoT security and cloud native containerized workload security – bringing all data back to one place, our Singularity platform. We are the first to deliver cybersecurity for the enterprise in one singular platform that seamlessly encompasses the enterprise attack surfaces of today and tomorrow.
2. What were those early days like and how did you accelerate growth?
Computers and software always fascinated me. I met one of SentinelOne’s co-founders during our teenage years when we were both intrigued by studying network security and challenging current defenses. This was an era, not completely dissimilar to what we’re experiencing nowadays, where everything was easily hackable. SentinelOne co-founders and I joined hands to conceptualize what the ideal protection software might look like. By building an autonomous AI core that can monitor a device in real-time, autonomously block, detect, and even remediate attacks with a single lightweight agent, we've been able to build a product with unrivaled efficacy and a broad platform coverage. Its automated EDR (endpoint detection and response) capabilities can deploy rollback functionality post-execution to return a computer to a pre-infected state. The platform is equipped with a 360-degree view of endpoints and threats from inception to termination which powers forensics and policy enforcement.
Sandboxing and signatures would not be able to handle a growing and increasingly menacing attack landscape, so we knew that the only effective line of defense would be trapping and stopping the attacker on the endpoint device. And those ideas happened to coincide with advances in artificial intelligence and machine learning.
We knew that machine learning would create a powerful and effective new way to detect and block attacks in real-time – without needing any specific prior knowledge of the attack or its payload. This was an incredible breakthrough – enabling our technology to use statistical analysis to accurately predict that something attempting to run on an endpoint was malicious.
After building the first prototype at the beginning of 2013, we showed it to security and infrastructure officers across the most advanced technology companies in the world. After receiving positive feedback from security experts, the initial product was further developed.
To date, we have received more than $430 million in total funding. In March 2013 we secured $20K funding followed by another $2.5M in August 2013. The company also raised $12M in April 2014 and $25M in October 2015.
In January 2017, SentinelOne raised $70 million in funding from investors such as Redpoint Ventures, Sound Ventures, Third Point Management, Data Collective, Granite Hill Capital Partners, Westly Group and SineWave Ventures.
After a 2018 of significant growth, we secured a Series D of $120 million funding from leading investors such as Insight Partners, NextEquity, and Samsung. With mounting interest in the company and our technology from the marketplace, earlier this month, we announced $200 million, a Series E round of funding that brought SentinelOne valuation to $1.1 billion. We managed to double our valuation in less than a year — a sign of our relevance and impact in the cybersecurity space.
3. Can you share with us some details about your products?
Are they B2B or B2C oriented?
Our products, solutions and services are B2B focused and we mainly work with enterprise clients, as well as public sector entities and SMEs.
What technology is involved?
SentinelOne’s single agent technology uses a Static AI engine to provide pre-execution protection. The Static AI engine replaces traditional signatures and obviates recurring scans that kill end-user productivity. Our Behavioral AI is vector-agnostic – file-based malware, scripts, weaponized documents, lateral movement, file-less malware, and even zero-days.
4. How do your services and products differ from competitors?
The endpoint market is the biggest total addressable market in cyber security. A lot of our competitors are point solutions for different problems. Overall, it’s a very fragmented market. Most of these guys are only complementary to anti-virus (AV) and cannot replace it. Most of our competitors are endpoint focused; we’re data focused. The endpoint is one attack surface, however, we also encompass cloud/containers as well as IoT attack surfaces.
Our ability to have one product that can cover both the EDR use case but can also replace the AV and offer better prevention capabilities is unique. The other thing I’ll point out is, attacks today are much more than malware and files, and there are multiple vectors of attack you ideally want to cover. We cover all vectors of attack, from the more traditional malware, to memory-based exploitation, to script-based attacks and live attackers. Our ability to be focused on code execution rather than on files allows us to tackle attacks most other platforms cannot deal with. If you have a product that’s based on indicators of compromise (IOC) for detection – how do you detect attacks that leave no IOC? If you have a product that’s based on running ML on file scan for detection – how do you detect attacks that don’t use files or payloads? These are all attacks that are happening today, so you’d really want to opt for a better, more inclusive approach, and I think that’s one of the biggest strengths of our code execution inspection and behavior analysis – they cover all of it.
I think the future will show that people will opt for more unified platforms that prevent, detect, respond to, and hunt cyber threats across more than just laptops. We’ve emerged as a leader for traditional endpoints, containers and cloud workloads, as well as IoT.
5. Would SentinelOne consider going public in the future?
While the latest Series E round of funding gives us the flexibility to remain in “startup” mode (privately funded) for some time — especially since it came so quickly on the heels of the previous large round — an IPO would be the next logical step for the company. We’re building a great company and that remains our singular focus.
6. Can you give us an overview of the endpoint security market globally and in the Middle East region, as well as its growth potential?
Rapid technological proliferation, increasing usage of digital solutions, IoT devices, the migration to cloud, as well as the introduction of 5G significantly increase the risk of cyber attacks in the Middle East and globally. The Middle East is seeing unprecedented levels of connectivity between devices and beyond traditional networks. A majority of the region’s enterprises are adopting cloud solutions for capability, speed, and TCO (Total Cost of Ownership) reasons. With increased connectivity and capabilities comes a need to reimagine the legacy security stack. Whether an enterprise is cloud-first or still on-premise, our technology is capable of securing both constructs.
Globally, endpoint security, the area where SentinelOne concentrates its efforts, last year was estimated to be around an $8 billion market, and analysts project that it could be worth as much as $18.4 billion by 2024.
According to Markets and Markets, the Middle East Cyber Security Market size is expected to grow from USD 11.38 Billion in 2017 to USD 22.14 Billion by 2022, at an estimated Compound Annual Growth Rate (CAGR) of 14.2%. The base year considered for the study is 2016 and the market size estimated is from 2017 to 2022. The major growth drivers of the market include the need to mitigate IT security risks, rising instances of enterprise targeted cyber-attacks and threats, and proliferation of smart city and digitization projects in the Middle East region. The Middle East cyber security market faces challenges, such as issues pertaining to the complexity of advanced threats and dynamicity of organizations and IT infrastructure and cloud environment. Moreover, factors such as increased operational costs and the lack of awareness regarding the internal and external threats, limit the growth of the market.
7. In what ways will AI continue to be utilized in the cybersecurity industry?
When it comes to next-generation cybersecurity, traditional on-premise signature database protection models are ineffective and lack administrator visibility.
Most traditional and next-gen approaches only rely on scanning files to detect attacks, which makes them extremely vulnerable to new attack techniques. The shortcomings of other products are especially relevant to today’s live and file-less attacks. The on-agent AI detection engines allow SentinelOne to autonomously detect and respond to malicious behavior immediately, offering machine speed responses such as on-agent remediation and rollback.
In order to adequately defend the business and adopt cloud, containers, IoT and more, organizations need dynamic artificial intelligence-driven (AI) next-generation endpoint protection platforms that defend every endpoint against all types of attacks, at every stage in the threat lifecycle without the need for human intervention.
8. The Coronavirus outbreak has led to more people, including remote-working employees, being confined to their homes and using their devices much more frequently. This influx of online users and increased time online could prove to be a lucrative opportunity for threat actors to increase their attacks. What are your thoughts on this?
Coronavirus is a serious global concern; while many employees are being told to work from home, many enterprises haven’t adequately prepared for life outside the network. We recently published a blog with helpful tips for CISOs and employees when working from home. First and foremost, keeping systems malware and threat free is of critical importance. Technology such as ours at SentinelOne is a key part of helping CISOs and boards sleep soundly knowing that wherever employees work, regardless of network or even internet connectivity, they’re protected. Outside of endpoint technology, employees need to be hyper sensitive to phishing campaigns that leverage current events to manipulate employees to wire money, enter credentials, or visit suspicious sites. Bad actors take advantage of global crises to achieve their agendas.
9. What are SentinelOne's plans for the future?
We will continue investing in innovation as we believe once developments in this area stop, companies are no longer leaders. A significant part of our future involves increasing our investments in go-to-market on a global scale.
Investing in and on our business is the focus. With our Series E funding round, we confidently own our destiny; we’ve demonstrated ability to execute and lead. Now we look to take things to the next level as we continue to scale and become cybersecurity’s best platform for tomorrow.