SentinelOne’s technology is strong on remediation of malicious attacks, and the partnership with SonicWall will enable automatic remediation of ransomware and other attacks by reversing system and file modifications.
SonicWall and endpoint security vendor SentiinelOne have announced a new partnership which will see SentinelOne’s endpoint technology integrated with SonicWall’s Next-Generation Firewall [NGFW]. It leverages both companies’ strengths in automation to provide for the automatic distribution and enforcement of protection, and automatic remediation in the event of a breach.
“At SonicWall one of our key ingredients has always been the algorithms in our NGFW,” said Bill Conner, SonicWall’s CEO. “As we’ve seen however, with all new threat vectors, you need additional protection behind that. That’s where Capture comes in, our Advanced Threat Protection Service. It blocks suspected malware with three different sandboxing engines until it gets a clean verdict from all three. We’ve been looking for an endpoint piece that we could work into that technical architecture to complement this, and that’s SentinelOne.”
Founded in 2013, Palo Alto-based SentinelOne makes an Endpoint Protection Platform with behavior-based threat detection at its core.
“We’ve seem big endpoint companies struggling to innovate for a long period of time now,” said Tomer Weingarten, SentinelOne’s CEO. “We re-invent the endpoint stack and AV software, and are one of that whole new breed of technology companies that emerged to deal with the most advanced attacks out there. We’ve been selected as a visionary company in two of the last three years’ Gartner Magic Quadrant.”
Like SonicWall, SentinelOne goes to market entirely through channel partners.
“We have been more enterprise-focused, particularly the SME part of that space,” Weingarten said. “However, because we are automated, we feel we are very suitable for the SMB market. We believe that the SMB is underserved by next-gen endpoint vendors, and see this relationship with SonicWall as extending us in that space.”
Conner stressed the similarities in vision and approach between the two companies.
“Automated real-time breach detection and prevention is our vision, and we found that Tomer was building the same thing, but from the endpoint looking back in,” he said. “It’s the same kind of platform, with analytics and behavior models and machine learning. The engineering teams and company visions are very complementary. The market needs to have this automation in real time on multiple layers, so the technologies are a very good fit.”
Conner also emphasized that the remediation capabilities of SentinelOne’s technology are critical for SonicWall’s largely SMB market.
“Adding remediation as well as prevention is especially important in that market extending from the midmarket down to small businesses,” he said. “These companies don’t have people to assign to fix things. They need the technology to do this for them. SentinelOne brings the remediation right to the desktop. All you do is ‘point and click’ – and you go right back to the previous version.”
SonicWall already partners with two sandboxing vendors to add additional engines to Capture, but this is their first endpoint partnership around the Threat Protection service.
“It took a while for us to get the right fit and the right partner technically,” Conner said. “In two weeks, you will see the largest innovation of new products in the company’s history. This one was not a ‘build it’ strategy though. This is a partnering strategy.”
The strategy is somewhat atypical in that while it is an OEM deal, it impacts both vendors’ platforms, not just SonicWall’s.
“We provide technology out of our platform that they will fold into endpoints,” Conner said. “We will then feed those pieces into our Capture and its deep learning algorithms.” The resulting integration provides threat intelligence sharing from both Capture and SentinelOne endpoint data.
“It’s a two-way integration which we have managed to do in the most seamless way possible,” Weingarten said.
That seamlessness will make the product easy to take to market.
“From a SonicWall perspective, this will be SKU’d up and treated just like a SonicWall product,” Conner said. “Tomer’s team is preparing endpoint educational materials for SonicWall University, so our channel will know how to support it. It will be a seamless easy integration because the technologies will automatically recognize each other.”
The combined offering from SonicWall and SentinelOne covers Windows, Linux, Mac OS X and VDI. It will be available in early 2018.