Endpoint security — the branch of cybersecurity that focuses on data coming in from laptops, phones, and other devices connected to a network — is an $8 billion market that, due to the onslaught of network breaches, is growing fast. To underscore that demand, one of the bigger startups in the space is announcing a sizeable funding round.
SentinelOne, which provides real-time endpoint protection on laptops, phones, containers, cloud services and most recently IoT devices on a network through a completely autonomous, AI-based platform, has raised $120 million in a Series D round — money that it will be using to continue expanding its current business as well as forge into new areas such as building more tools to automatically detect and patch software running on those endpoints, to keep them as secure as possible.
The funding was led by Insight Partners, with Samsung Venture Investment Corporation and NextEquity participating, alongside all of the company’s existing investors, which include the likes of Third Point Ventures, Redpoint Ventures, Data Collective, Sound Ventures and Ashton Kutcher, Tiger Global, Granite Hill and more.
SentinelOne is not disclosing its valuation with this round, but CEO and co-founder Tomer Weingarten confirmed it was up compared to its previous funding events. SentinelOne has now raised just shy of $130 million, and PitchBook notes that in its last round, it was valued at $210 million post-money.
That would imply that this round values SentinelOne at more than $330 million, likely significantly more: “We are one of the youngest companies working in endpoint security, but we also have well over 2,000 customers and 300% growth year-on-year,” Weingarten said. And working in the area of software-as-a-service with a fully-automated solution that doesn’t require humans to run any aspect of it, he added, “means we have high margins.”
The rise in cyberattacks resulting from malicious hackers exploiting human errors — such as clicking on phishing links, or bringing in and using devices from outside the network that run software whose security patches might not be up to date — has resulted in a stronger focus on endpoint security and the companies that provide it.
Indeed, SentinelOne is not alone. CrowdStrike, another large startup in the same space as SentinelOne, is now looking at a market cap of at least $4 billion when it goes public. Carbon Black, which went public last year, is valued at just above $1 billion. Another competitor, Cylance, was snapped up by BlackBerry for $1.5 billion.
Weingarten — who cofounded the company with Almog Cohen (CTO) and Ehud Shamir (CSO) — says that SentinelOne differs from its competitors in the field because of its focus on being fully autonomous.
“We’re able to digest massive amounts of data and run machine learning to detect any type of anomaly in an automated manner,” he said, describing CrowdStrike as “tech augmented by services.” That’s not to say SentinelOne is completely without human options (options being the key word; they’re not required): it offers its own managed services under the brand name of Vigilance and works with system integrator partners to sell its products to enterprises.
There is another recurring issue with endpoint security solutions, which is that they are known to throw up a lot of false positives — items that the system does not recognize and subsequently blocks, but which turn out to be safe. Weingarten admits that this is a by-product of all these systems, including SentinelOne’s.
“It’s a result of opting to use a heuristic rather than deterministic model,” he said, “but there is no other way to deal with anomalies and unknowns without heuristics, but yes with that comes false positives.” He pointed out that the company’s focus on machine learning as the basis of its platform helps it to more comprehensively ferret these out and make deductions on what might not otherwise have proper representation in its models. Working for a pilot period at each client also helps inform the algorithms to become more accurate ahead of a full rollout.
All this has helped bring down SentinelOne’s own false positive rate, which Weingarten said is around 0.04%, putting it in the bracket of lower mis-detectors in a breakdown of false positive rates by VirusTotal.
“Endpoint security is at a fascinating point of maturity, highlighting a massive market opportunity for SentinelOne’s technology and team,” said Teddie Wardi, Managing Director, Insight Partners, in a statement. “Attack methods grow more advanced by the day and customers demand innovative, autonomous technology to stay one step ahead. We recognize SentinelOne’s strong leadership team and vision to be unique in the market, as evidenced through the company’s explosive growth and highly differentiated business model from its peer cybersecurity companies.”
By virtue of digesting activity across millions of endpoints and billions of events among its customers, SentinelOne has an interesting vantage point when it comes to seeing the biggest problems of the moment.
Weingarten notes that one big trend is that the biggest attacks are now not always coming from state-sponsored entities.
“Right now we’re seeing how fast advanced techniques are funnelling down from government-sponsored attackers to any cyber criminal. Sophisticated malicious hacking can now come from anywhere,” he said.
When it comes to figuring out what is most commonly creating vulnerabilities at an organization, he said it was the challenge of keeping up to date with security patches. Unsurprisingly, it’s something that SentinelOne plans to tackle with a new product later this year — one reason for the large funding round this time around.
“Seamless patching is absolutely something that we are looking at,” he said. “We already do vulnerability assessments today and so we have the data to tell you what is out of date. The next logical step is to seamlessly track those apps and issue the patches automatically.”
Indeed, it’s this longer-term vision of how the platform will be developing, and how it’s moving in response to what the current threats are today, that attracted the backers. (Indeed, the IoT element of the “endpoint” focus is a recent addition.)
“SentinelOne’s combination of best-in-class EPP and EDR functionality is a magnet for engagement, but it’s the company’s ability to foresee the future of the endpoint market that attracted us as a technology partner,” a rep from Samsung Venture Investment Corporation said in a statement. “Extending tech stacks beyond EPP and EDR to include IoT is the clear next step, and we look forward to collaborating with SentinelOne on its groundbreaking work in this area.”