SentinelOne is making the first acquisition in its nine-year history Tuesday, scooping up data analytics tech developer Scalyr to better ingest, correlate, search and act on data from any source.
The endpoint security vendor said its proposed purchase of San Mateo, Calif.-based Scalyr will make it possible to ingest massive amounts of machine and application data in real time. This in turn will allow businesses to analyze, query and act on data with unparalleled speed and cost-effectiveness, according to SentinelOne.
“Data is the new gold in cybersecurity,” SentinelOne Chief Operating Officer Nicholas Warner told CRN. “The ability to analyze, take action, understand and utilize data properly has become incredibly important, particularly in the work-from-home environment.”
Warner said SentinelOne examined several players in the data analytics space as potential acquisition targets, but almost immediately homed in on Scalyr thanks to its ability to ingest data from any source and take action quickly upon indexing. The deal will give SentinelOne’s channel partners a broader product set to bring to market, including Scalyr’s log management and event data cloud offerings.
Retaining data has become increasingly critical in the wake of the SolarWinds breach, where Warner said the hackers waited two weeks before launching an attack and weren’t discovered for many months. Scalyr will make data ingestion and analysis more efficient from a performance, speed and cost standpoint, and SentinelOne expects to integrate Scalyr’s capabilities into its core platform in months, not years.
“We’ll own our entire data stack and the entire security stack within our technology,” Warner said. “This will really help move power back to the defender, back to the cybersecurity practitioner, in terms of the time advantage.”
SentinelOne will spend US$155 million in equity and cash to buy Scalyr, and the deal is expected to close during the company’s fiscal first quarter. Scalyr was founded in 2011, employs 51 people, and has raised US$27.6 million in five rounds of outside funding, according to LinkedIn and Crunchbase. The company’s headcount is down 18 percent from 62 employees a year earlier, according to LinkedIn.
“The security and data analytics industries are uniquely related, and this acquisition provides SentinelOne the opportunity to set the agenda as the XDR [Extended Detection and Response] category leader,” Scalyr CEO Christine Heckart said in a statement. “Scalyr’s current customers will benefit from expanded investment, and SentinelOne’s customers will enjoy Scalyr’s big data capabilities within the Singularity platform.”
Scalyr creates a realtime data lake for ingesting structured and unstructured data from internal enterprise data sources as well as technology products or platforms like Microsoft, AWS, Google or CrowdStrike. The company ingests and stores petabytes of structured and unstructured machine data and is optimized to search and store data at low costs and high speeds, according to SentinelOne.
The company was founded by Steve Newman - the creator of Google Docs – and was the industry’s first cloud-native, cloud-scale data analytics platform for log management and observability. Scalyr is used by organizations like NBC Universal, CareerBuilder, TomTom, Lacework, Zalando, Tokopedia and Asana to manage their large-scale data operations, according to SentinelOne.
“The folks at SentinelOne had aptly recognized that for a security company, data analytics is a strategic core competency, and long-term success requires building that competency in-house rather than relying on third-party solutions,” Newman wrote in a blog post Tuesday. “They had been exploring the market, and saw that Scalyr’s Event Data Cloud was a perfect fit for their vision.”
The acquisition will provide SentinelOne customers with autonomous, realtime and index-free threat analysis and mitigation that goes beyond the endpoint to protect the entire enterprise and cloud attack surface, SentinelOne said. Specifically, SentinelOne said the deal is expected to bolster its realtime threat mitigation across the enterprise and cloud.
Combining disparate data with SentinelOne’s technology will make it easier to autonomously identify malicious behaviors, the company said. Specifically, SentinelOne said its approach can identify techniques exhibited by advanced persistent threats such as the Sunburst malware the Russian hackers used in their recent attacks on SolarWinds and others.
“Few companies develop their own data stores and technology such as Scalyr’s cannot be built overnight,” Weingarten wrote in a blog post Tuesday. “We developed the foundation to house and take action against all enterprise data with the Singularity XDR platform and Scalyr provides a rapid and exciting path to realize our vision.”