SentinelOne Channel Chief On Massive Cloud Security, ‘AI SIEM’ Opportunities

The cybersecurity vendor is making a major push with partners this year around AI-powered SIEM, as well as on cloud and data security, SentinelOne’s Brian Lanigan tells CRN.

SentinelOne is doubling down on teaming with partners this year around growth opportunities such as AI-powered SIEM, while also accelerating its cloud security push using a “whole different approach” from competitors, SentinelOne Channel Chief Brian Lanigan told CRN.

Just shy of one year since Lanigan joined the company, SentinelOne is well underway in broadening its platform beyond its core endpoint security offering and now has widely deployed tools in cloud and data security as well as in security operations.

In particular, he said in a recent interview, SentinelOne brings a distinctive approach to SIEM (security information and event management), which many security teams depend upon for responding to cyberthreats. SentinelOne’s “AI SIEM” offering will be a major focus for the company this year, Lanigan said, as well as a key focus for increased efforts with solution and service provider partners.

“A rules-based approach in today's world just doesn't work,” he said. “Using AI, on top of that cloud-native data architecture, is critical to really looking at how you're going to solve the security incidents out there.”

Crucially, the move into SIEM “opens up massive opportunities for our partners,” Lanigan said — especially at a time of change in the segment due to consolidation such as Cisco’s acquisition of Splunk and Palo Alto Networks’ acquisition of IBM’s QRadar SaaS business.

For SentinelOne, the aim with SIEM is not necessarily to “rip out Splunk or go rip out QRadar,” he noted. “But there are use cases that we can help solve for.”

The growth in SentinelOne’s newer businesses is already reaching significant scale, the company said last fall. SentinelOne disclosed in October that its cloud security business has crossed $100 million in annual recurring revenue (ARR), while its data business — which includes SIEM — has reached $70 million in ARR.

Lanigan, who is senior vice president of global partner ecosystem at SentinelOne, earlier in his career spent nearly a decade at Splunk, including as a group vice president for its system integrator and MSP business. Prior to joining SentinelOne in March 2024, he had spent two years as channel chief at cloud security vendor Lacework, which has since been acquired by Fortinet.

What follows is an edited portion of CRN’s interview with Lanigan.

Looking back at the past year, what would you point to as the biggest change you rolled out in the partner program?

At a holistic level, it was putting leadership over each [segment]. And then really one of our biggest investments was technical resources that were dedicated to the partner community. Because when you go through with this platform-based approach, they're going to build solutions. They need help building those solutions with our stack. And so we put a global partner [sales engineer] organization in place, with people that have deep expertise in each of these areas, in every theater of the globe. And then we really put a focus on the strategy — [particularly around] the hyperscalers, and around the hyperscalers executing with the rest of the ecosystem. Due to our size, we had access to a fairly significant partnership opportunity with the hyperscalers. But how do you maximize that to drive strong pipeline for your ecosystem, and pipeline for SentinelOne in parallel? So [we focused on] technical resources and hyperscaler investment that brought downstream value to the rest of the ecosystem.

What are the major themes for the year ahead?

After our sales kickoff, we're going to start with a series of our regional PartnerOne summits — where we bring our focus partners together in each of the regions, and deliver our strategy for the year. What they're going to be hearing about is that we have now a very holistic, unified partner program that's going to allow them to participate in multiple ways to work with us. Are they building services capacity and capability with us? Great. We have value that you can interact with. Obviously, you're going to be selling with us. Are you going to build solutions and offerings on top of SentinelOne? Great, there's a track for those. You don't have to sign up to multiple disparate programs. We're going to give you a way to engage with us holistically and get multiple benefits along the way.

Within that, [we will] focus on our capabilities — and what we can solve for — in the data landscape and cloud. Those are going to bring some significant program benefits and some profitability benefits for the partners. We do not want to be a services firm by design. We want to empower these partners to build services practices. That's not just the MSPs and the GSIs — the GuidePoints and the Optivs and CDWs and the SHIs also have significant services practices. So how do we help their profitability with SentinelOne, and even increase exponentially? And then it’s just, how do we focus in together to build profitable businesses together? We've got a very investment-based approach where we're going to invest in those partners that invest with us.

Will you be recruiting new partners this year?

We have a lot of partners, and we love working with all of our partners. I'd say the recruitment would be focused on partners that are going to help us solve either certain segments of the market or are going to open up new buying centers within customers. As we go after the cloud security space, there are a series of partners that have just risen [to the forefront]. Or, as you go after going to market with Google, there are companies that just partner very, very well with Google — reseller partners, [system integrator] partners, etc. So we would go target those.

In terms of cloud and data security, how big are those opportunities for partners right now?

If you look at the cloud space, in particular the cloud security market, it's quite a new market. It really came out of the traditional SIEM solutions not being able to solve for cloud security. They just weren't architected to deal with the type of change that happens in the cloud, and how you secure that environment. All the usual SIEM suspects were just not designed for that type of architecture. That gave rise to a new series of companies — Orca, Wiz, Lacework prior to [its acquisition by] Fortinet.

If you think of what happens with the endpoint — you have agents that go out at the endpoint, and that agent is also going across the cloud workload. We solve the agent-based side of the equation with the cloud solution part of the CNAPP [cloud-native application protection platform] portfolio. What we needed to complete was the cloud security posture management side. So we bought [PingSafe] and we fully integrated that into the platform. Now we're fully going to market competing in the CNAPP space, which is a massive market opportunity for partners — who are, quite frankly, still figuring out the landscape of this partner ecosystem. Because everybody kind of claims to do it, but do they really solve for it? We've been winning well in the market with our partners. We are 100-percent partner. We don't go it alone. And so proving those wins out, that's going to open up great new revenue streams for them.

What do you see as SentinelOne’s major differentiators on AI at this point?

Since the beginning, SentinelOne has had artificial intelligence built into the core of the platform. So us solving for the autonomous [security operations center] — this is something that we've been thinking about for the past decade and have been building into the portfolio. We launched Purple AI on top of the whole platform to actually solve these security problems — across the endpoint, across the cloud, across the data landscape — by having less eyes on glass. [With the SentinelOne system] you can have more of this automated task be done by the AI, while the practitioners are really doing the deep dive on the incidents that need to be resolved. It's been landing incredibly well in the market, and that really does differentiate us from the newer-entered CNAPP players. There's only a few of us and in the larger cybersecurity space that have really been implementing AI for a long time.

Going back to your SIEM offering, what would you want partners to know about how you’re approaching that market?

You'll hear more and more about us in the market this year in the AI SIEM space. The SIEM market is seeing a pretty big change right now — with Splunk going into Cisco, Exabeam and LogRhythm combining, QRadar now going over to Palo [Alto Networks]. And Palo is on round two of what they're going to do for a SIEM. There's a lot of disruption in that space.

[Our advantage is that] we built a cloud-native data architecture. And 70 percent of the data in SIEM is endpoint data. How do we help our customers — by taking that AI — and solve for that security information and event management in a whole different way? You're going to see a lot about us in the market on that, which opens up massive opportunities for our partners who are looking for solutions that are going to help their customers solve for that. So it's not, “’Go rip out Splunk or go rip out QRadar.’” But there are use cases that we can help solve for.

A rules-based approach in today's world just doesn't work. So using AI, on top of that cloud-native data architecture, is critical to really looking at how you're going to solve the security incidents out there. Every rule that you create is going to be instantly outdated if you're not operating at the speed that attackers are. So that's where the artificial intelligence value really comes into play. Our approach is just totally different than the traditional SIEMs.