SentinelOne Delivers on Container Security Promise

A platform from SentinelOne for automating the protection of containers is now generally available.

Fresh off raising an additional $200 million in funding, SentinelOne developed its Singularity platform to identify which communications between services should be whitelisted between endpoints and then identify and block any anomalous behavior. That approach allows SentinelOne to track, among other things, the behavior of microservices based on containers.

Guy Gertner, vice president of product management for SentinelOne, says that, from a cybersecurity perspective, a container is just another type of endpoint. As such, the container and cloud-native workload protection (CWPP) module is integrated tightly with the Singularity platform.

Container attributes captured by SentinelOne include cluster name, node name, deployment type, pod name, container image name and container ID. That capability helps provide much-needed visibility into containerized applications, says Gertner.

The SentinelOne platform not only protects and even kills container runtimes, but it also gives DevOps teams access to a set of shell commands for any Kubernetes pod that can be employed to remediate security issues. That capability also will play a critical role in enabling IT organizations to embrace best DevSecOps processes, he notes.

IT organizations will need to decide to what degree they want to focus on securing services rather than individual containers, which tend to be replaced frequently. There may be vulnerable code inside a container, but those vulnerabilities might not be around long enough for cybercriminals to exploit. Given the ephemeral nature of containers, many IT teams tend to focus more of their time and effort on securing services that are updated much more often.

Regardless of the strategy employed, it’s apparent microservices-based applications are a lot more challenging to secure than traditional monolithic applications. On the plus side, however, despite their inherent complexity they tend to be a lot more secure because cybersecurity teams don’t have to patch an entire application to make sure it is secure. Instead, developers only need to replace the containers that have vulnerable code.

SentinelOne claims to already have hundreds of the Forbes Global 2,000 enterprises amongst its more than 3,500 customers with a 134% net customer retention rate. Overall, transactions grew more than $2 million over the last year, the company claims. Now valued at more than $1 billion, SentinelOne, like most cybersecurity vendors, will find it challenging to differentiate itself in an increasingly crowded container security category that has attracted both startups and incumbent vendors alike.

The degree to which SentinelOne will be able to extend the reach of that base into the realm is, of course, unknown. Nor is it precisely clear whether cybersecurity teams or DevOps teams would fund the acquisition of a container security platform. What is clear, however, is there will be a need for a platform capable of fostering some much-needed collaboration across those disparate teams and cultures.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.