SentinelOne CEO: Microsoft Security Should Be More Like Apple

In a wide-ranging interview, SentinelOne’s Tomer Weingarten also discusses Palo Alto Networks, Wiz and the startup M&A environment—and shares the ‘best decision’ of his career.

The Case For Copying Apple

For years, Microsoft has borrowed much from Apple’s design aesthetic in its software, including the Windows 11 operating system. But the area where Microsoft actually needs to emulate Apple is on security by making its products “secure by design” in the same way that Apple has worked to do in iOS, said SentinelOne CEO Tomer Weingarten. Instead, however, Microsoft has plowed its investment dollars into “building security products and generating more revenue, instead of just improving their ecosystem,” Weingarten said Tuesday at the 2023 XChange Best of Breed Conference.

During the conference, hosted by CRN parent The Channel Company in Atlanta, Weingarten tackled numerous other topics during a 45-minute interview session: Why SentinelOne won’t be putting itself up for sale, how the company plans to compete with Cisco-Splunk, the status of SentinelOne’s R&D office in Israel and the potential for generative AI to improve security. The SentinelOne co-founder and CEO also discussed the differences he sees in his company’s approach compared with Palo Alto Networks, along with commenting on the now-terminated reseller partnership with cloud security firm Wiz and the startup M&A environment, which he believes has been “a bit exuberant” lately. And in terms of SentinelOne’s growth strategy, Weingarten called his long-running commitment to doing 100 percent of deals through channel partners the “best decision” of his career.

‘Systemic Risk’

Weingarten’s comments on Microsoft addressed a question that’s been generating increased debate around the cybersecurity industry: Does the tech giant’s continual stream of new vulnerabilities in Windows, Office and other widely used software products reflect a lack of responsibility by the company or not? Highlighting the contrast between Microsoft and Apple, he suggested that Microsoft could in fact be doing more around securely designing its products if it wanted to. With Microsoft, “you’re buying into something that is less secure by design than what you can get from Apple,” he said. And then on top of that, you must pay a “tax” to get better protection for the products by adding on Microsoft’s security tools, Weingarten said. Without a doubt, this approach by Microsoft poses a “systemic risk,” he said.

Weingarten’s comments coincided with Microsoft’s monthly Patch Tuesday release, in which the company made fixes available for 104 security issues, three of which the company said were zero-day flaws that are being actively exploited. Microsoft also rolled out a new patch for a critical Exchange vulnerability after the initial fix in August was found to be insufficient.

‘We All See Through It’

During the session Tuesday, Weingarten also shared his views on one of the biggest mistakes that CEOs tend to make: “Don’t do it for the profit,” he said. “It’s not the greatest North Star. If you’re just doing stuff for profit and gain, you end up like Microsoft—where you build products just to generate more and more revenue, and you try and dress it up in a ‘do-good’ approach. But we all see through it.”

What follows is an edited and condensed portion of Weingarten’s comments from his appearance at XChange Best of Breed.

Generative AI

When I started the company, we basically built a full autonomous system. It’s one of the only endpoint protection platforms out there today that actually takes real-time decisions based in AI. Now, granted, this is a very structured algorithm. This is a very supervised learning machine that is identifying what’s happening in real time and then reacting to it, with no human intervention whatsoever.

With Purple AI, it’s now adapting these same algorithms. It’s taking away what we’ve learned [about] autonomous operation on the endpoint side, but now, let’s do it across all data that we receive. Let’s do it across the network. Let’s orchestrate the firewall. Let’s start looking at enterprise defense in a more holistic manner. That’s what Purple AI is designed to do.

Part of it is that conversational interface. I think that democratizes the way to do cybersecurity. EDR and threat hunting are very, very complex to do. With a conversational interface, in plain English, you can start asking very complex questions in a very easy way, get the results and automate action.

The second part, which to me is more interesting, will drastically change that balance of power between attackers and defenders. [This involves] integrated algorithms and integrated AI, and the ability to run more predictive algorithms that are working autonomously, in a highly accurate way, to see badness, analyze badness and remediate badness in the most automated way possible.

100 Percent Channel Model

It’s the best decision that I’ve taken in my life. When we started the company, we had a very simple philosophy that [continues] today: We’re going to be a technology company—we’re not going to be a services company. We are focusing on building the best technology that we can to empower the people that can deliver professional services at scale, across the globe. One of the first things that [we did] is very, very different. There’s almost no startup that you’ll talk to that in their early days will invest in the manageability aspects of the platform. Everybody’s focused on building their technology. We built multi-tenancy. We built the ability to manage multiple sites at the same time, multiple customers at the same time, with one click, with an overarching, fully scaled, cloud-native platform. That is something that we decided to do maybe seven or eight years ago.

We never compete with [channel partners]. Even if we do have some overlapping capabilities, each and every person in my company knows that they are not to pitch against the channel. If a partner is out there with us selling to a customer, and they’re pitching their own services, we will never come in and say, ‘Ours is better—go with us.’ It’s just never happened and never will happen. That’s the commitment that we have for the channel. And we truly believe that that’s the way to scale cybersecurity.

[Some competitors] are basically an MSSP also. Some of the things that they do are moving deals direct. With us, we don’t do direct deals. We don’t play these games.

Microsoft’s Security Strategy

To me, it was always puzzling to see Microsoft not taking their investment dollars and putting it into product security. They’re putting it into building security products and generating more revenue instead of just improving their ecosystem. Think about Apple as an example. Imagine that instead of investing all their might into making sure that iOS is as unhackable as possible, they would say, ‘OK, we’re going to put some money into building an antivirus for iOS. So you need to pay for it, download it and deploy it. And that’s the way you can, potentially, protect your iOS device. And that’s not going to be enough. So we’re going to sell you a host of other products so you can protect your iOS device.’ That is exactly what Microsoft is doing.

And that, to me, poses the systemic risk because you’re buying into mediocre software for the price. You’re buying into something that is less secure by design than what you can get from Apple. And then you’re also paying them a ‘tax,’ in terms of security products, that are in themselves more complex. If anybody here has tried running, truly hands-on, the Microsoft security stack, that’s a collection of a lot of different capabilities that’s really hard to control.

And then you see these breaches and these hacks and these bypasses. Yes, budget is important. But at some point, I think we will shift back into, ‘Hey, we need to focus on technology.’ [With SentinelOne] not only are you getting better technology and better security posture, you’re also driving more value for the customer. And I think in time this will just have more and more momentum.

Differences From Palo Alto Networks

Palo [Alto Networks] is a good company. [But] I think that generally, they’ve been very focused on getting people more entrenched into their own ecosystem. Basically they’re saying, ‘If you buy into our ecosystem of products, we can deliver on that vision for you. So buy the endpoint, buy the network, buy the cloud, buy everything from us, and then it works together.’ I think they’re focused on their estate, and their offerings might make sense to the customers in their estate. I think they make much less sense if you’ve not bought into the full platform.

If you look at what we’re trying to do, we want to be an open vendor. We work with all vendors. We ingest data into our platform from our competitors’ endpoint products. And we ingest data into our platform from the Palo Alto [Networks] firewall. So we believe that to be successful in what we’re trying to do—to deliver great security for the customer—we can’t force them to use subpar products.

Nixing The Wiz Reseller Agreement

I think both companies have aspirations to grow their cloud presence into different directions. And I think that was never a secret. We talked about some of our aspirations to go and have a full CNAPP suite for a few quarters now. We’ve added data security, we’ve got the best workload security, we’ve added vulnerability management in the cloud, we’ve added cloud discovery. So today we have a pretty robust CNAPP suite, and I think the competitive overlap started to be bigger and bigger. I do think you’ll see us do even more in cloud security.

In terms of the customer integrations and technical integration, we’re keeping all of those. Obviously we’ve got joint customers, and we want to make sure that we continue to serve them in the best way possible. But I think in terms of selling capabilities, we’re going to focus on selling our own capabilities.

Startup M&A Environment

We’re keeping our eyes open, and we’re going to be opportunistic. [But] I’ve got to say, we’ve seen a few acquisitions just now, and I was a bit surprised by the multiples. I think these are all sub-scale companies, practically $1 million to, tops, $5 million [annual recurring] revenue. That’s like an 80X, 90X, 100X multiple. To me, it sounds a bit exuberant. I don’t know that these are prudent moves by some of these companies. I don’t know that they warrant that type of an aggressive valuation.

I think we need to wait some more for private-market valuations to normalize. I do think that there’s a lot of companies out there that have aspirations that sadly would never come true. I think that AI is also changing the strategic nature of what some of these startups are putting out there.

So I would not rush to buy anything. I think there are some companies that can do very interesting things that I could see us acquire, but I think we’ll be more disciplined in how we look at the valuation.

Biggest Mistakes By CEOs

Keep your humility. That’s intangible but very, very important. And with that, be adaptable and keep on listening. I think a lot of folks, especially CEOs, they’re very hard-charging, they’re coming in and they think they’ve got all the answers. They ‘educate’ the partners, they ‘educate’ the customers. Sometimes you just need to also listen and internalize some of the feedback. You don’t have to adopt everything. But I think at least actively listening to what others have to say is incredibly important. And I think lastly, don’t do it for the profit. It’s not the greatest North Star. If you’re just doing stuff for profit and gain, you end up like Microsoft where you build products just to generate more and more revenue, and you try and dress it up in a ‘do-good’ approach. But we all see through it.

You need to focus on building real technology. Build IP that matters. I think that’s the only way for us to change what’s happening in this world. I don’t think we’re on a great trajectory with technology right now. I think we need more focus on building real things versus how do we make the biggest bang for the buck, as quick as we can?

For the first three years [at SentinelOne], we never sold anything—we just built. It’s hard to get some of that stuff right. So be patient. Don’t rush products to market and focus on technology.