Interviews | October 16, 2024

Security Must Become a Default Part of Cloud Environments



Matthew Balcer
National Director of Solution Engineering

SentinelOne

Q1. What emerging attack vectors do you see as presenting the biggest endpoint security challenge in the next 3-5 years? What should organizations be doing to prepare for those threats?

What we are seeing is a natural shift of bad actors to focus on where the “money” is. As customers shift from traditional workloads to more dynamic ones, the threats will follow. We are seeing the commoditization of very sophisticated attack techniques aimed at traditional endpoints. In other words, more dangerous attacks are becoming more common. This means customers can no longer rely on basic defense tools. Data and visibility will become key. Attack sophistication requires us to push beyond detection, into investigation on a path to resilience. The question is: are security teams and the solutions they use ready for a data-led approach?

On the other hand, the “big money”, our critical applications and data, are shifting to dynamic workloads. Many Canadian companies are in different stages of this transition. Bad actors love states of transition and chaos. This is also an unnatural place for security, as DevOps' primary objective is getting assets into production as quickly as possible. The shared responsibility model is both the solution and the challenge. As bad actors shift their attention here, we will have to work together and ensure better code and better posture.

Q2. How do you see EDR technologies evolving in container and cloud-native environments? What unique challenges do these environments present from a security standpoint?

The key term is native. It is a term that might be getting overused, but the inference is a good one. Security must become a default part of cloud environments, and the solutions must be purpose-built for the dynamic nature of those environments. These solutions must integrate and not interfere with the “get to market” DevOps pipeline. The only way we rid ourselves of the allergic reaction to security by DevOps is to prove we can secure without sacrifice. At the end of the day, developers want to develop and maintain secure applications.

For the security solutions born for the cloud, this might seem like table stakes. For a lot of the traditional endpoint or EDR vendors, this is a divergence from their foundation. The challenge is there is an advantage to having a solution that provides a single platform for both the traditional endpoints and the container workloads while still having a tactical line drawn between the two worlds. EDR vendors have quickly answered the runtime protection bell because it is most familiar to us. Where the arc of the EDR/CNS evolution will separate the players from the participants is delivering in a cohesive way protection for all workloads, from a laptop to a serverless cloud-native application. EDR vendors have the advantage of already being a trusted part of the security posture. We must use this position to provide a solution that meets the challenge.

SentinelOne is already mature in this space. Our traditional EDR continues to evolve and lead in the industry, and our CNS sets a new standard even in comparison to solutions that are CNS only. Our solution includes multi-cloud protection, compliance scanning, vulnerability scanning, exploit protection, secrets scanning, a unique offensive engine, infrastructure-as-code scanning, posture management, runtime protection, and cloud-appropriate attack response, all integrated within the same platform as our EDR with visibility in our AI SIEM. A cohesive solution with the depth of a standalone!

Q3. What are some of SentinelOne's primary objectives at SecTor24? What can attendees expect from the company at the event?

We really do believe we are in the new dawn of cyber security. There has been a loss of confidence and lack of stability in the market. Bad actors are taking advantage as they always do with chaos and instability. We can’t sit idle or reactive or repeat mistakes because change is challenging.

We hope that SecTor attendees take the time to come to our booth or sit in on one of our talks. Give us the chance to prove that we are different. A chance to prove that EDR, XDR, MDR, MXDR, ITDR, CNAPP, CNS, SIEM, SDL, and yes, even AI are just the common acronyms we use to make familiar what SentinelOne does that makes our customers better at security. We want attendees to walk away with the confidence that they can not only efficiently defend their environment but start to gain the upper hand.

Come and talk to us about moving your most critical workloads into dynamic cloud infrastructure in a safe and protected manner. Come and talk to us about auditing your identity posture and detecting attacks at the earliest point of compromise. Come and talk to us about an endpoint protection solution that is designed to help you truly respond to attacks and restore systems during the firefight. Come and talk to us about protection with minimal friction or risk. Come and talk to us about a data platform that provides visibility without the compromise of scale, performance, and complexity. Come and talk to us about a Gen AI interface purpose-built for security that is already being used by hundreds of security professionals to threat hunt, investigate, respond, and operationalize thousands of unique use cases. Most importantly, come and talk to us about making your security team better.
