
SentinelOne To Challenge ‘Antiquated’ SIEM Technology From … – CRN




Kyle Alspach


With Splunk under agreement to be acquired by Cisco, SentinelOne sees a ‘huge opportunity with disrupting the SIEM space,’ says the cybersecurity vendor’s CEO, Tomer Weingarten.





With its cloud-native approach and high-powered data analytics technology, cybersecurity vendor SentinelOne expects to pose a formidable challenge to Cisco-Splunk in security information and event management (SIEM) down the road, according to SentinelOne co-founder and CEO Tomer Weingarten.

When asked at the XChange Best of Breed Conference Monday about Cisco’s planned $28 billion acquisition of Splunk, Weingarten answered that “we’ve seen a huge opportunity with disrupting the SIEM space.”


“I think that SIEM is generally something that is antiquated in approach, antiquated in architecture, antiquated in scale,” he said during the conference, hosted by CRN parent The Channel Company in Atlanta.

Splunk’s SIEM technology is widely deployed by Security Operations Center teams to provide the logging, analytics and search capabilities they need to monitor and respond to cyberthreats.

For SentinelOne, “it’s going to take some time, so I’m not [suggesting] that starting tomorrow every Splunk customer can find a different home. I think obviously Splunk is a good product. It’s a product that people have built on top for many, many years,” Weingarten said. “But I think it’s time for a better approach.”


CRN has reached out to Splunk for comment.

SIEM systems, Weingarten noted, were originally built to “ingest gigabytes of data, at best, in on-prem environments.”

“It’s a node-based approach, never adapted to a full cloud-native platform,” he said. “The fact that Splunk was telling people that they’re a cloud company—they’re not a cloud company. They took the same technology, they put it into the cloud.”

The issues are not just about Splunk, however, Weingarten added: They are “true for every SIEM out there.”

SentinelOne’s aspirations to displace SIEM technology from Cisco-Splunk and other players in the space bring credibility, given that the company has been such a major “market disrupter” in endpoint security, said Nicholas Scarsella, CEO of Imperium Data, No. 488 on the 2023 CRN Solution Provider 500. Tampa, Fla.-based Imperium Data doesn’t partner directly with SentinelOne, but two MSSP partners that Imperium works with to serve end customers do use the vendor, he said.

When it comes to innovating in additional areas of cybersecurity such as SIEM, “I expect them to continue on the path,” Scarsella said. “They’re known for being a disrupter, and people look to them to continue to do that [more broadly].”

During the session Monday, Weingarten pointed to the benefits around scalability, performance and data retention that SentinelOne will be able to leverage through its cloud-native approach.

Especially critical will be its capabilities from its 2021 acquisition of “next-generation” data analytics provider Scalyr—now known as DataSet—which is “embedded in everything we do,” he said.

SentinelOne’s approach offers “petabyte scale” and “gets rid of all the complexities and the constraints that were in the SIEM world,” Weingarten said.


The approach also promises to offer dramatically lower costs for data ingestion and retention, as well as improved performance, he said.

“No longer do you need to worry about a yearlong data retention, something that’s cost-prohibitive. No longer do you need to worry about data retrieval taking hours on end every time you run a query,” Weingarten said.

Ultimately, displacing SIEM is poised to become “a great new opportunity for our company, a great new opportunity for our partners,” he said, speaking to an audience of C-level executives from major solution and service providers. “So all in all, stick with us—I think you’re going to see a lot of success.”



Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security. He can be reached at kalspach@thechannelcompany.com.



