Analysis: SentinelOne Wants Way More Of The Cloud Security Market

The vendor is about to make a major push into offering agentless cloud security tools — putting it into competition with companies that include onetime close partner Wiz.


Here’s just some of what SentinelOne had to unveil this week during its conference, OneCon: A big new release of its Singularity platform. More details on its Purple generative AI technology. A new threat intelligence offering. And finally, the launch of its own risk advisory unit, based on the acquisition of prominent firm Krebs Stamos Group.

But what grabbed my attention the most from the Boca Raton conference (at least from where I sit in New York) was what SentinelOne is up to in cloud security.

The key message on SentinelOne cloud security seems to boil down to this: S1 is coming for those CNAPP dollars.

Sponsored post

[Related: SentinelOne’s MSSP Partners Are Driving ‘Standout Growth’: CEO Tomer Weingarten]

For those uninitiated into the mysteries of CNAPP, it’s the favored acronym of the moment to serve as shorthand for a comprehensive, modern-day cloud security platform. The Gartner-coined term has been widely embraced in the security industry over the past couple years as an alternative to saying the whole 12-syllable thing (cloud-native application protection platform).

SentinelOne has been talking about CNAPP for a while, but until this week, it wasn’t clear what the company’s next moves might be there. As a comprehensive platform, CNAPP includes a bunch of different capabilities, many of which SentinelOne doesn’t have.

But S1 plans to change that very soon, Ric Smith, chief product and technology officer at SentinelOne, told me this week.

While the channel-focused vendor got its start as a disrupter in endpoint security, it has since branched out into a few other categories, cloud security among them. Specifically, SentinelOne has specialized in cloud workload protection, which leverages the same software agent-driven approach the company has used in the endpoint sphere.

For its next act in cloud security, however, SentinelOne has something different in mind.

In recent years, upstarts such as Wiz and Orca Security have stormed into the cloud security market with an agentless method for securing cloud environments. The approach involves taking snapshot scans of cloud environments, rapidly providing visibility into security issues such as cloud misconfigurations.

As you may already know, the concept of agentless cloud security has proven massively popular with partners and customers. And in just a few years, it’s transformed Wiz into the top-valued unicorn in cybersecurity, at $10 billion, while turning Orca into an IPO contender.

In addition to those two companies, cybersecurity heavyweights such as Palo Alto Networks, CrowdStrike and Microsoft are among the other big players in this market, known as cloud security posture management, or CSPM.

Now, SentinelOne plans to soon enter the CSPM market, as well, according to Smith.

But the company isn’t just gunning for CSPM.


SentinelOne, Smith told me, is gearing up to deliver several more capabilities to round out its CNAPP offering.

According to Smith, another key cloud security capability (and acronym!) coming to Singularity is cloud infrastructure entitlement management, or CIEM. That one is focused on securing identities and permissions in the cloud. And it, too, utilizes an agentless approach.

Meanwhile, in addition to CSPM and CIEM, “we’re actually extending cloud workload security to add agentless-based detections for exposures of [developer] secrets,” Smith said. “And we’re also introducing ‘shift left’ security for containers and servers. And so, when you round that out, we will have both the agent-based and agentless-based capabilities of a classic CNAPP.”

SentinelOne expects that the new agentless cloud security capabilities will arrive on the Singularity platform during the company’s fiscal second quarter, which will run from May through July 2024.

Meanwhile, among SentinelOne’s other announcements this week was a new partnership with Snyk, whose developer security platform has seen widespread adoption. The arrangement involves integrating SentinelOne’s cloud workload protection with Snyk’s platform to provide better correlation between cloud threat detections and container vulnerabilities.

By the way, the new cloud security capabilities are also timed to capitalize on the new release of the Singularity platform, dubbed Unity. The release is so named because of the way the company will be tying together formerly disparate parts of its platform, notably including cloud security.

Ultimately, it will allow partners and customers to “understand how that whole picture fits together,” Smith said.

Analyst Take

To get another perspective on what SentinelOne is undertaking in the cloud security market, I asked a Wall Street analyst who follows the company, Shaul Eyal of TD Cowen.

SentinelOne, he told me in an email, has made it clear for a while that the company “is heading deep into cloud-related infrastructures.”

“We see a natural move towards CSPM and CIEM as the company is committed technologically to staying ahead of the curve product-wise,” said Eyal, managing director for equity research at TD Cowen.

As part of this push by SentinelOne, “we expect more moves organically and through small tuck-in acquisitions,” he said. Additionally, “it will be interesting to examine its recent venture investments which could point to future R&D investments,” Eyal told me.

‘Competitive Overlap’

One more thing: If you’ve been a regular reader of CRN, then you’ll know that SentinelOne was not long ago a very close partner of CSPM standout Wiz. Until they weren’t.

The sudden dissolution of the partnership in August, however, was in fact related to their respective product roadmaps in cloud security, SentinelOne CEO Tomer Weingarten acknowledged last month, on stage at the 2023 XChange Best of Breed Conference.

“I think both companies have aspirations to grow their cloud presence into different directions,” Weingarten said during the conference, which was hosted by CRN parent The Channel Company.

In other words, “the competitive overlap started to be bigger and bigger,” he said, before mentioning something we now have a lot more details on: “I do think you’ll see us do even more in cloud security.”