SentinelOne Shifting To Become ‘Autonomous Orchestrator’ Across Security Tools: CEO Tomer Weingarten
The shift comes as many of the cybersecurity tools sold and deployed over the past decade — including the current iteration of SIEM — could be displaced over time with the emergence of AI agents, Weingarten tells CRN.
SentinelOne is moving aggressively to become a centralized platform for orchestrating all security tools and data sources — including products from third-party vendors — in order to provide the real-time, autonomous security that partners and customers are calling for, SentinelOne Co-founder and CEO Tomer Weingarten said Tuesday.
The major shift comes even as a large portion of the cybersecurity tools sold and deployed over the past decade could be displaced over time with the emergence of AI agents, creating massive opportunities for solution and service providers, Weingarten said in response to questions from CRN editors during the 2025 XChange Best of Breed Conference.
[Related: SentinelOne Seeing ‘AI Advantage’ Pay Off With Platform Growth: CEO Tomer Weingarten]
The industry is already “not too far from the day” where a well-trained security LLM could displace CSPM (cloud security posture management) by enabling discovery and remediation of public cloud misconfigurations with a few clicks, he said during the conference, hosted by CRN parent The Channel Company in Atlanta.
That’s just one of many examples of where AI and agentic could next be shaking up the cybersecurity tools market, Weingarten said.
Overall, “I think a lot of the stuff that we’ve been selling, deploying, implementing in the past decade — I think a lot of it’s going to become irrelevant. [Either that] or, if you’re leaning on it, you’re probably just not doing stuff fast enough, and efficient enough,” he said. “That’s really where we see AI and the inception of agentic capabilities.”
Another security product segment that could be disrupted is undoubtedly SIEM (security information and event management), he said.
“I think [that] the SIEM as it’s designed today — with all these dashboards and normalization and indexing and schemas — I think that goes away. I think that you kind of don’t need that layer,” Weingarten said. “You need to move to a meta layer, I would say — almost like a meta platform that will just onboard data in the most seamless way, in the easiest way.”
SentinelOne itself has seen strong growth for its own AI-powered SIEM, bolstered in part by having a majority of the data that ultimately ends up in a SIEM tool as an endpoint detection and response (EDR) vendor, he noted. At the same time, the vendor is redefining its role to serve as a central orchestrator of security across not just SentinelOne products but also third-party tools, according to Weingarten.
“Our role, I think, has shifted from giving you tremendous endpoint protection, to now helping you make more of the security investments that you already have,” he said.
By connecting all products, unifying the data feeds from the tools and then applying AI as the data is streaming in real time, that could reshape how security is done, Weingarten said.
“I now have this visibility. I’m able to cross-correlate all these different data points. Now, can I apply AI in real time, as the data is streaming, so I can find all these issues that might exist in the environment?” he said. “And now that I found those issues, can I orchestrate autonomous — or close to autonomous — action to then go back and say, ‘I’ve seen something with my email provider that correlates to my network firewall. Can I now understand what intelligent action needs to happen, and can I now click ‘OK’ and have that action take place across my entire enterprise stack?’”
This broadening focus by SentinelOne is getting a boost from moves such as the company’s deal last month to acquire Observo AI, a data streaming platform that can enable improved management of data pipelines tailored for the AI era, Weingarten said.
An ‘Intriguing’ Vision
There’s no question that vendors who can bring an approach to security that is more autonomous and real-time — and that correlates data from multiple vendors — would be welcomed by many MSPs, according to Jack Skinner, CTO of Oversee My IT, an MSP based in Lewisville, Texas.
For SentinelOne, evolving into a vendor-agnostic security platform is a promising move given the needs that many MSPs and their customers face from juggling multiple tools and data sources, Skinner said.
“You can really see their vision of becoming a security orchestration platform and being an orchestrator. I thought that was really intriguing,” he said.
It was also notable to hear that Weingarten believes that many existing security tools, including the current incarnation of SIEM, could become unnecessary in the future as agentic technology advances, Skinner said.
“SIEM is a behemoth that you have to manage and monitor and deal with and query,” he said. “AI is definitely changing that.”
No ‘Magical Platform’ Coming
For many partners and customers, the need for bringing together tools and data feeds into a unified threat assessment system is urgent given the sprawl of security products and the over-abundance of alerts from those tools, Weingarten said.
Offering a platform that can serve as a central orchestrator for all of the different security tools a partner or customer might use is a lot more likely to gain widespread adoption than an attempt to provide all capabilities on a single vendor’s platform, he said.
“It’s really clear that everybody has hundreds of security controls and hundreds of security products in their environment,” Weingarten said. “It’s totally unrealistic to think that somebody is going to come in and deploy this magical platform to replace all of that. That’s not going to happen.”