Mandiant Incident Responders Gain Access To SentinelOne

‘We’re hitting the ground running fast with those folks, and there’s further product integrations with their technology platform to come,’ SentinelOne Chief Operating Officer Nicholas Warner tells CRN.


Mandiant and SentinelOne have teamed up to give Mandiant’s incident responders access to SentinelOne’s Singularity XDR platform to investigate and remediate breaches.

The integration of Singularity XDR and Mandiant Advantage XDR means that Mountain View, Calif.-based SentinelOne now has partnerships with three of the world’s five largest incident response firms, according to COO Nicholas Warner. The partnership comes in the wake of Reston, Va.-based Mandiant selling off its FireEye products business and is akin to integrations announced with Microsoft and Splunk.

“We had a bunch of very large customers who were asking for this,” Warner told CRN. “We’re hitting the ground running fast with those folks, and there’s further product integrations with their technology platform to come.”

Sponsored post

[Related: Mandiant Forges Bond With Microsoft As FireEye Sale Nears]

The partnership will bring together SentinelOne’s strength around data analytics and surface protection thanks to the company’s background in endpoint detection and response (EDR) with Mandiant’s human expertise, threat intelligence and research, Warner said. As SentinelOne pushes from EDR into XDR, Warner said the company can leverage Mandiant to help manage email security platforms and firewalls.

In addition to Mandiant, Warner said the company already has relationships with incident response giants Kroll and KPMG as well as more than 130 incident response firms around the globe. Warner said the Mandiant relationship will allow SentinelOne partners to have a conversation around Mandiant’s managed detection and response tool as well as the company’s incident response and retainer services.

For Mandiant’s consulting practice to succeed, the company must support endpoint technology such as SentinelOne’s, which already has thousands of customers and is growing rapidly, said Marshall Heilman, Mandiant’s EVP and global CTO. Supporting SentinelOne’s technology also helps Mandiant’s consulting organization provide incident response services to a wider swath of customers than they do today.

“We‘re announcing the SentinelOne partnership because we need to support more EDRs than just the FireEye/Trellix that we’ve always supported and Microsoft Defender for Endpoint that we supported as of late 2020,” Heilman told CRN.

Heilman said the company has spent tons of time integrating SentinelOne’s back-end systems into Mandiant Advantage to ensure the company’s consulting organization can look at data coming out of the SentinelOne platform to identify related alerts they hadn’t noticed before. Plus Mandiant’s channel partners can sell pre-packaged solutions to customers who want access to SentinelOne’s products.

Mandiant has seen a nice uptick in its managed detection and response business as the company added additional vendor integration options such as Microsoft and Splunk, Heilman said. He anticipates the company will partner with a couple of additional EDR companies so that Mandiant is able to support all the major endpoint security vendors that partners and customers are using, according to Heilman.

From a metrics standpoint, Heilman said Mandiant plans to track financial figures such as incremental ARR on the platform side, sales generated on the consulting side, and the pull-through from consulting to MDR services. And a year from now, Heilman said Mandiant will monitor the renewal rates in instances where customers are also leveraging SentinelOne technology.

“We’re now able to go out there and land the partnerships we want to land,” Heilman said. “We can go out there and we can partner with all these companies that are technically competitors as a neutral third-party tool to make certain that our joint customers get the best possible outcome.”