SentinelOne, Inc. (S) Earnings Call Transcript & Summary

Excellent. So welcome, everybody, to today's SentinelOne webinar. Today's topic is going to focus on the results of the Gartner Magic Quadrant for endpoint protection platforms as well as the Gartner report that discusses vendor critical capabilities. And we have a number of folks on today's webinar because we want to focus on the customer experience, customers of SentinelOne and kind of what they see. So today joining us, we're -- we have several folks that have been with SentinelOne for a number of years as customers. And really, the main point here is to give you, the audience, a view into what it's like to work with SentinelOne and some of the advantages that some of the chief information security officers out there in our customer base, what they are seeing from a real world just kind of separating the technical from the business outcomes. So I'd like to introduce in turn a number of folks on the call. Owen Connolly is CSO of Liberty Group; Neil Binnie, CSO of Morgan Sindall, Everett Bates, CSO of EverView. And of course, myself, Grant Moerschel, I'm the VP of Competitive Strategy here at SentinelOne. Also on the call, we have [ Chris Bain ]. He is my backup in case my Internet goes out or something odd happens. So Chris will be in the background listening and is my backup. So Owen, can you please introduce yourself?

My name is Owen Connolly, as we said, and I guess I've been doing this for about 30 years on and off and I'm based out in Dubai and the Middle East at Group HQ for Liberty Group which is a fairly large steel manufacturing and mining company which -- with 27 operating businesses across the globe.

Thank you very much. And Neil, introduce yourself, please.

So I'm the group CSO for Morgan Sindall, who's a U.K. predominantly based construction company with about -- not quite as many businesses as Owen, but we work in a wide range of activities across the construction sector.

Thank you very much. And Everett.

Everett Bates, the Chief Information Security Officer for EverView. So we focus primarily on print statements and financial services solutions and other digital solutions as well. So we have multiple business units.

Excellent. Thanks. So we'll go ahead and get started. On today's agenda, we want to talk about some of the changing demands that the CISOs are seeing out there from the security program perspective? Like what's different? And what types of outcomes are important today, maybe compared to even just 3 to 5 years ago. And then we want to have a bit of a discussion about -- a little bit of how the MQ works, how the critical capabilities work? As well as MITRE. And what do these reports add to the decision-making process of a security leader. And finally, we want to get into, why is it that they partner with SentinelOne? And what are some of the results that they are seeing from that relationship? So we want to kick off today the first part of this, and it's a couple of different panel discussions throughout. But the first one is I want to kind of pose this question of how have the demands of your security program changed in just the past few years? What critical outcomes are you looking for? And I'd like to start with Everett. Everett, can you give us your view on topics such as customer focus and risk in this area?

Sure. So anyway, in the past few years, I've only been at EverView around a year, but it's more of a business risk conversation than it has been previously. So that all goes together. One great example I can think of is this is -- we recently had a new CEO come on board and within 2 weeks, he contacted me and said, "Hey, how can I support you? What do you need? Where are we at?" And a few years ago, that wouldn't necessarily happen. So I think it's that shift to understanding that security as a part of business risk, and it's about customer trust, the experience there and security is a selling point with our services, and we have to have it ingrained in everything we do.

So a customer from the perspective of your customers are looking for a higher level of trust in your business now you're operating at?

Absolutely, absolutely. So there's that part of it, and it turns it into a selling point for us. And when you're selling a product, you have to have that in there, especially in the financial space. So that's very important. But other than that, we want to have that trust with our customers. And that's something that is very important, and we want to make sure that we keep delivering on that. So that all goes back into the business risk portion of it as well. And we have a duty to customers and their data.

Great. So Neil, Everett was just saying that his CEO is aware of security maybe more than this person had been in the past. Do you have any input on Board visibility and more senior leadership visibility when it comes to security programs?

Yes. I think 3, 4, 5 years ago with the idea of construction being interested in information security was a little bit far out from most people. It was seen as a financial services issue. But a lot of our clients collaborate with us. They share their data with is we have a very interconnected supply chain globally. So an attack on one is an attack at all. So there's a far higher understanding at a Board level of the impact of a security event on your organization. And I think as Everett said, it's right at the trust and reputation in your brand. So actually, we will work very hard with marketing our brand to get the best customers and get the best contracts. You really don't want to have a mark next to your name if you have a security event. So there's a lot of Board intervention. And we're seeing globally that there's more interest regulatory now is coming as well. So that's starting to back up the pressure from the Board.

Right. So it's fair to say that maintaining reputation in the industry is one of the most paramount things because of all the interrelatedness of businesses.

Absolutely. I think whether or not it's your cyber insurance premiums or whether or not if you're responding to invitations to tender your request for pricing, you're always going to get the question, have you had any cyber issues or events in the last 5 years? And are you going to be honest in these things. So people are looking -- everyone's looking and saying, are you a safe pair of hands? Do we trust you with our data? Do we trust you with our business so you're going to deliver? So we're seeing a huge increase of said oversight and inquisition from the suppliers and the customers.

Yes. Great. Great points. And Owen, I see as related to the interrelatedness of businesses as mergers and acquisitions activities, M&A activities happen, how has that presented challenges to you? Because my understanding is that your business is growing, what does that mean from a security program standpoint as you merge companies in?

It's generally, it means that what we need to do is we need to get them up to speed and up to the same level of security, if they're not there already as rapidly as possible. And I mean that's part of why we use SentinelOne because it gives us the ability to get greater visibility more rapidly in any of these new organizations as we roll it out into these organizations, having tools like Ranger, et cetera, it gives us the ability to discover those sites very rapidly. And in fact, makes us very popular with our colleagues in IT because they can find out the nearly more from us rapid than they can from the on-site teams quite often.

I see. So Ranger for everybody's edification is a tool that gives what, network visibility and the ability to install. Is that how you would describe it?

And it gives very -- it gives great visibility, particularly we're in the manufacturing, and we're in the -- I guess, we're in a business where there's a lot of OT and manufacturing equipment systems. And while you may not be able to install SentinelOne on those, with Ranger Pro you can discover and identify to systems out there. That level of increased visibility is very important to us because it means we know what we need to protect.

Right. Great. So great description. So let's just continue with you Owen. And so as we kind of shift into the second topic here, we just want to give the folks that are here on the call, like why did you choose us -- sorry, SentinelOne. And Owen, is it the technology that you were just discussing? Or that was one part of it, I think, but people, something else?

And honestly, it was a combination of both. It's so first and foremost, we find the team to be very easy to work with. And I think the way to describe them would be a not pushy vendor. There are a lot of vendors out there who are very, very pushy and they -- I often find that the vendors that have the most benefits tend to be the least pushy because their technology speaks -- it works for themselves. And in terms of going back to my point about visibility, One of the things that I'm very, very conscious of the 92 link that I buy is I don't want something that's going to tell me more about all the threats that are out there. I want something that's going to reduce the impact of those potential threats if something happens. And that's what SentinelOne gives me. It gives me that ability to, I guess, get a good sleep at night.

That's fantastic. And that's across a global organization, a lot of different divisions and business...

All departments.

So Neil, if we can pivot to you, what kind of value are you seeing out of the relationship with SentinelOne?

I think I would echo what Owen's sentiments are that SentinelOne is not coming to us selling on fear, they're very open. They want to understand our challenges and how they can help. And it's a more balanced relationship. So we often talk about it as a partnership. EDR, it's your basic it's day 1 as a CSO, you need to know that you've not got malware or bad guys on the endpoint. And as Owen was saying, Ranger also tells you what's on your network that nobody knows about or people have conveniently forgotten about. So we find the relationship works well, the global footprint is working well. And thankfully, it's not an issue for us any longer, but initially SentinelOne the legacy application or the legacy operating system support set you aside from some of your competitors at the time. So yes, it just feels like it's a trusted partnership and EDR, you've got to trust your vendors on EDR.

Well, that's a great observation. I couldn't agree more. You need the tool to work when it needs to work. Because clearly, you want to keep as many of the bad guys out, but you also need that visibility to understand, hey is something else going on that we need to know about. And to that point, Everett, how would you describe the relationship with SentinelOne?

Yes, I would say that they hit it, right? It comes down to partnership for me is a big thing. The technology, easy to point to the technology evaluation like these things are happening, but the partnership is really big. And this is a foundational solution. One of the first things you purchase like Neil said, right? So it's a foundational solution in your enterprise and high visibility across for better or worse. So you need that partnership coming in there and being able to work with the teams and have responsive teams. And I think Owen said this the other day, I thought it was very true is whenever I ask a question, I get an answer. And I think that's a very simple thing, but I haven't just asked a question and not been able to get an answer completely. So that goes back to the partnership piece since it's just a foundational technology for us.

Great. Fantastic. I appreciate that. And I know everybody at SentinelOne who's listening, it does warm the heart, not to sound kind of corny, but it really means a lot to us. So thank you for that. Let's move on to a little bit of the Gartner information. So the next few slides, I'm going to talk about the Gartner MQ, explain a little bit about how it works and how you interpret some of the results. And then we're going to go and continue with some of the panel. So the Gartner Magic Quadrant, I really think everybody is fairly familiar with it. But let's just kind of look at it fresh and see what each of these quadrants mean. So the lower left side of the Magic Quadrant, that particular quadrant to the left side, lower part, these are the vendors that Gartner has classified as niche players. And the definition from Gartner is that these players are -- they're fairly unfocused and they're not necessarily meeting the needs of the marketplace. And not only that, but they're not really performing very well. They may have a small customer base or a customer base that is not getting market fit types of solutions. So you can still have large vendors down there, but they're not selling market-fit solutions that address today's needs in security is kind of the idea. Now if you go to challengers, it's similar that you have vendors who may be selling more product perhaps, but still there's not a fantastic understanding from the vendor of what the market needs are. What is it that the CISO needs for -- to provide a, in our case, a really good security type of solution. Going down to visionary. Visionaries are organizations that, in Gartner's mind, understands the market, but they may be on the smaller side. They're may be not -- they may not have as large of a customer base. And for a few years, SentinelOne was in the Visionary Quadrant because we were developing solutions that Gartner said, "Hey, you're really -- you're spot on here, you're really getting it, you're understanding what the market needs. You're just not as large as perhaps a leader." So the leaders are the ones who are executing well to a compelling vision that meets a market need. So that's how you can kind of think about the different quadrants. And then what does it mean to go right and left or up and down. So the right left movement or the X axis is the completeness of vision okay? So right hand movement is best. And really, what this means is that are you understanding what the customer needs, is -- you meaning the vendor. Are you providing a clear and differentiated message? Do you have support operations that support the customer wherever they happen to be? Are you moving the needle in some way? And then the up, down or the y-axis is more about the ability to execute. It's about coverage and long-term company viability, being able to be nimble to market dynamics, whether it's from other vendors or just things that are happening in the security space? Are you helping the customers succeed? So that's how you should think of the movement across these quadrants. And I'm happy to say that we have maintained our leader position in that quadrant. And we're really pleased by that. So you can see the little yellow error there, where we're positioned. And to summarize, I would say -- and by the way, just -- if you have any questions, please put them into the Q&A. I forgot to mention that before. And also, if you want to get to the report, you'll see you have opportunities to do that. You can see the links down at the bottom of the slide. But sorry, getting back to what Gartner is saying about us is that, I would summarize it as saying that Gartner is saying that SentinelOne has an EDR, XDR that treats all types of organizations we have natively baked identity solutions into our platform. We're doing really well on a continuous consistent basis with MITRE ATT&CK results. We support all sorts of OSs, whether it's legacy to cloud workloads and everything in between, servers, workstations, laptops, Linux, Mac, you name it, as well as mobile. A native MDR offering as well as a growing MDR offerings from a wide variety of partners available globally. And we continue to grow and have major presence in some of the major regions in the U.S. So we're really happy about these up and to the right results, consistent over time. So let's dig into panel discussion. Number three, how is it that my guest CISOs use the Gartner Magic Quadrant in your decision-making process. Neil, let's start with you on that.

Yes. Thanks, Grant. I think there's very few people who make the decision just initially based on Gartner. We all go out, we all do our homework, and we all read and talk to each other. But Gartner is an incredibly supportive decision supporting tool to make sure that what you've done in terms of your analysis and homework is -- it resonates with Gartner. So I think if you -- we were going to choose someone who we thought was a great choice and Gartner then said, these guys are niche players, you'd maybe go back and take another look at things. And I think that's where stealing another guy's thunder. I think that was part of the conversation we had last night around this.

Everett, your view here.

I would agree with that. I would say a lot of it's just that third-party validation of what's going on. And then I'm aware of the different Gartner spaces and what's going on at times, but never go directly there to start making a purchase first. It's more of a third-party validation.

Great. So Owen, when we look back at this graphic here, I see that SentinelOne looks like it's below Microsoft and CrowdStrike, is that -- does that matter to you in this context?

Honestly, not really because I have enough experience to know how to Magic Quadrant works. And Microsoft, obviously, is going to have a greater installed base because of the fact that the Defender is basically native there in Windows. So discounting that for 2 seconds. The fact that you're in the leaders quadrant at all is always a good sign. But realistically, it's -- a lot of it is to do with volume. And there's a certain amount of it that's a self-fulfilling thing, which is you end up listed in more RFPs if you're in the top right-hand corner, but you get more influence in the top right-hand corner, if you're listed in more RFPs. So like it's -- I don't know if I want to call it a virtuous or a vicious cycle.

Great. Fair point. understand. Anybody else, any other commentary before I dig into the critical capabilities? Anything -- anybody forgot points you want to make? Okay. So let's move along, everyone. So now I want to address the Gartner critical capabilities for endpoint protection platforms. Now it is a separate -- but think of it as a separate report, but it's kind of a companion report to the Magic Quadrant for EPP. So they are typically released together at the same time. And the way to think about it is it's a comparative analysis of the -- of some of the capabilities and features of a vendor's offering. So it tends to be -- it's a little bit more technical. It's a little bit more of a deep dive into the major features of any given platform. And there are -- I believe this is 9 -- 8 or 9 different categories that they rate each of the vendors on. So it's ease of use. Is the product easy to use? Is it -- or is it a very technical product? How flexible is the management? What are the EDR functions like? And that can take a lot of different types of capabilities from basic to extremely advanced hunting and visibility features. Does it do basic prevention to keep the bad guys out of your network from the get-go? EPP suite, what that's referring to are what are the other features that are included such as USB control or maybe Bluetooth control, more hardware control and different functions and features that we would have seen, I'll just say, back in the day when we were all buying antivirus suites, let's say, 10 years ago, this is what this is referring to. And OS support. Is it -- are we just talking about Windows? And Mac? what about Linux? What about servers? What about cloud workloads? And these types of other instantiations of operating systems, managed services, and that's specifically referring to managed detection and response with a smattering of DFIR services for incident response? And what is the GEO support like for this vendor? So they break each of -- they break the report down into a couple of different use cases. So the customer use cases are, what type of customer is this? Now these are general categories. And most people who look at this say, well, I'm a little bit of A, and I'm a little bit of B, maybe I'm a little C, as you'll see here in a minute. But what I'm relaying to you here is these are categories and sort of company types that have been defined. And Gartner says that type A or lean forward organizations. And some of their descriptions are, they tend to do early adoption of technology. They tend to look at best of read focus within products. They want the best of the best. They tend to be more well staffed -- again, tend to maybe not want MDR because maybe they're doing the entire security operations stack themselves and they're not outsourcing any part of that. And this is the smallest group of vendors. So the rating that Gartner has assigned to SentinelOne for this type of customer is at the top of all the vendors, 18, I believe, in the survey, SentinelOne is deemed to be most appropriate for Type A organizations, which is fantastic. I couldn't be happier in that. Let's go on to Type B. So Type B is the second one that is described by Gartner. And they tend to look at this as blended approach organizations. Blended approach organizations, they may not be bleeding edge. They may not be early adopters. They prefer to see a little bit more proven technology to make sure that it's stable and it does what it says it's supposed to do. There's a big focus on productivity because they may be more staff constrained. And they -- these organizations may be open to outsourcing some of their security operations to an MDR provider. And this is the largest group according to Gartner. So the way Gartner ranks SentinelOne for Type B organizations is at the top. So of the 18 participants, they've assigned us that we are the most applicable to this type of customer. And then last but not least is Type C. So this is the second largest group. These are more conservative organizations. They tend to be very prevention focused, maybe not as much of the EDR focus, not as much of the advanced tooling focus. And they tend to be pretty severely resource constrained. They're going to be very open to MDR operations because they just don't have the staff a lot of times to deal with it. So where SentinelOne ranks there is at the top again. So we're really pleased to say that whether it's type A, B or C that has been defined by Gartner, they're recognizing that our set of tools and capabilities are very appropriate for many different types of organizations. We couldn't be more pleased by that. So let's get into this a little bit. So the panel discussion #4 is let's talk about what all of this probably means. So Neil, let's talk about your perspective on some of the ease of use and management flexibility.

Yes. Yes. Thanks, Grant. So I think we started off a few years ago as a Type C because it was all about prevention. And then over the period, we've transitioned into Type B. We like some of the Type A stuff. We want to be cutting edge, but we don't want to be bleeding edge, but we certainly want to lean forward. So we're quite happy that the tool that we've chosen with SentinelOne and the partnership is right for us, whatever posture we want to take. I think the ease of use, it just works. We haven't sort of really talked about the migration process that we went from legacy AV to modern EDR. I think it was just painless. I mean it was so long ago, but it was -- I guess, we've all been involved in different software migrations over the years. We've had the sleepless nights, but this one just went very well for us very smoothly. And the management is pretty good, the visibility, the operations guys love it, the deep visibility in the Ranger, and we can actually find out what's going on and make sure that things are working the way they do. And the EDR is a revelation that you don't get hacked by somebody running virus .XE on your estate anymore. They use your own tools against you. They use Powershell script, PDFs. So starting and I Know we're going to talk about MITRE in a minute, but just getting into the capabilities to say look for the unusual, look for the outliers, watch your IoCs. That's really where modern security functions should be doing, not looking for a virus that looks like a different version of the virus from 5 years ago. That's just old hat.

So would you say that -- what is your view on the scarcity of experts and how tools need to adapt to that?

Well, I think we are all resource constrained, certainly in the U.K. there's a bit of an inflation bubble coming just now and good people are in scarce supply. Salaries are on the rise and there's a case if you keep bringing people in, you train them up and then they either want twice as much money or they jump ship somewhere else, which is -- it's a constant challenge that we have. So we want to train people, but we also want to retain them. SentinelOne the entry point for the stock and the analysts and the team is pretty low because it just works. It's very capable and very technical behind the scenes, but the actual ability to drive it and to see what it does is basic. We can give it to someone quite quickly the r-back functionality in there means that they can't really break it, which is great. And as I said, the deep visibility that it gives has been really helpful. We were doing some Windows 10 upgrade rollouts and we kept having issues. The ops team and the [ Engis ] team were really struggling. And we said, well, let's just see what deep visibility says, what's actually going on and we found the root cause with a file that was not what they expect it to be. So I think it's a bit of a golden bullet or a silver bullet for us, a panacea. Everybody likes it right now. Long may that continue.

Great. Thank you for that. So Everett, what Neil was saying -- one of the things he was saying was that you can set -- maybe I'll just say a junior analyst down in front of SentinelOne and provide kind of a view into the security with relation to the SentinelOne platform. Does that mean that it's not an appropriate tool for high-end hunters and IR specialists and people who are really operating at a really high level?

I think that we're always trying to balance out the amount of people, FTEs over to the tools we have. There's just a lot of tools in security by nature. Everybody talks about trying to convince that and platforms and ways to do it, but that's just the nature of it in our current state. Intuitiveness is definitely an underrated feature. So even if you do have somebody that was one of the -- our top engineers in here looking at something for incident response or just looking through rules. The more simple it is the better and being able to get that high efficacy with the intuitiveness is something that is great. You get into some tools, and it's just difficult to use. It might be a great tool, but if it's difficult to use, it still creates a challenge for the team. And I think that's the goal, too, as anything we can do to cross train the team and not have to have the best engineer have to have an expert just for this tool and be able to cross train our teams is really in a position where I want to be.

Great. Great. Great information there. Owen, I want to -- have you perhaps address the last 2 items there, managed services and geo support. Can you give us a view as to the managed services from your experience and kind of how that's working for your organization?

Sure. So as I mentioned earlier, we are -- have 27 operating businesses. We're across 5 continents. And we've had in rolling out the tool and as we acquire new businesses and rolling out those new businesses, the support that we've got from the team has been excellent. And we use the Vigilance MDR service. And I have to say as quickly as we bring up new sentinels and new sites, et cetera, you can see the Vigilance guys already taking them into account. There's none of the -- traditionally, when you worked with managed services, you used to have to kind of turn around and go okay. We're bringing the site up and then we'll roll out the agent everywhere, and then we'll come back to you guys, and we'll bring them on board. There's none of that. The guys just start picking it up from day 1 and very quickly start finding any issues. And I'm based in Dubai, but as I said, the coverage is across the globe, and I actually had a funny situation where -- well, it didn't feel funny at 4 a.m. in the morning, but I was woken up at 4 a.m. in the morning by a very nice gentleman from San Diego, from the Vigilance team. "Hi Owen, and we think you have a major problem on one of your sites". And again, going back to Everett's point about intuitiveness, it's so easy to -- like, he was able to tell me 2 key pieces of information that let me know which site it was, which was one of the sites in Australia. I jumped on teams, reached out to the guys in Australia and got the local CIO on the ground at that site. And he was like, "Oh, yes, I forgot to tell you, we've got a pen test going on" I was like, right, yes, and he's like -- he said, yes, to be honest with you, it's quite funny. I've never seen a bunch of pen testers more frustrated than their lives. So it was literally -- and when you -- when I logged on to the console, all you could see it was basically as fast as they were trying anything, the Vigilance guys were just shutting them down. If the AI wasn't doing it already, the Vigilance guys were already all over it and shutting it down, which is exactly what you want. It does help you sleep at night when they're not waking you up at 4 o'clock in the morning.

Yes. Critical to sleep. So I do appreciate that. And we actually do talk to customers quite often about the -- it helps you sleep at night. So to have -- you actually experience that in your day-to-day world is just amazing to hear. So thank you for that. Any other comments, questions? Anything we forgot folks.

The one thing I would say is one of the things that I really do appreciate is the flexibility, again, going back to Everett's point on intuitiveness, the flexibility of the policies within SentinelOne. The ability to be able to have different policies for each site that we deal with. And within those sites for different groups and -- because obviously, as a manufacturing business, we have a lot of legacy. We have a lot of OT equipment. We have -- and you need to have that flexibility to be able to group endpoints and apply different types of policies to each of them. And every time we sit down with a local IT team, because we're very much about collaboration. So we -- each time we bring a site up online, we bring in the local IT team, we give them access to the policies, et cetera. And again, going back to that or roll-back that Neil was talking about, that ability to have a single site access for a group of IT personnel and allow them to have that visibility and the ability to actually go in and manipulate as well. It does make it much easier to convince people to come on board with the group's strategy.

Great. So it sounds like the -- one quick thing is it sounds like one of the things to your liking is the ability to self-administer how your sites are separated and the group sites, all that, you can kind of make the management council what you need it to be?

Absolutely. Yes. And you can make it more importantly, what they need it to be. Because everything is different.

Yes.

Yes. I was going to jump in on that, Grant, because we make use of tagging as well. So where we have lots of devices -- and they may be different groups, but if a device is doing something specific, it may not be apparent from the device name, but your SOC may not know that, that's a door control system. So you start doing things on it or you may have unexpected outcomes depending on what the device does. So being able to use the tagging functionality against objects in SentinelOne really empowers our SOC to be more aware of decisions they make and the VIP service that you deliver might not be the same as somebody on the front line just in terms of the impact on your future career.

Yes.

That flexibility and that ability to make it your own is a really powerful outcome for us.

I was going to add, I agree with all those things. Something I was reading the last couple of days too that there's a new integration out, a partnership between Wiz and SentinelOne for example, but these capabilities that continue to come out, I think, are helpful too. It kind of helps us address more than a list issue. I think somebody who's talking about vendors earlier. And that's something I look for in a vendor is I'm not really just trying to buy your product. I'm more trying to solve for something and get an outcome. And the more innovation we see in the different items that can be brought in and really supplement these different areas that we need to address is very helpful.

Yes, that's great. Thanks for mentioning that. So the Gartner MQ for EPP is not as focused on cloud security. It's just -- historically, it hasn't been. I anticipate this coming year when the next MQ comes out, there will definitely be more of a cloud focus. And just as a general question, I don't know if any of you have used the cloud security components within our platform, is kind of the first question, but the comment about Wiz. Wiz is an organization who's been extremely successful in posture management security. And to Everett's point, we have inked a partnership with them to provide essentially the best of both worlds together, which is dynamic cloud security for everything that's moving into the cloud. Along with posture management from Wiz. Any comments on that?

Yes. So I'm actually in another aspect of my life, I actually have a very strong relationship with the guys at Wiz and work with it on a regular basis. So actually, when I saw that, I only saw that today, and I thought it was just -- I was laughing, I was going, this is perfect. It is a fantastic combination. Wiz is an extremely strong tool for discovering and understanding your cloud environments. And I know that sounds like it should be something that you should know. But like every form of asset management, the cloud is not necessarily the most intuitive place to be from finding out resources and services you're using. So Wiz is a fantastic tool for that and I'm a big fan of Assaf and the boys in Wiz and seeing that working alongside you guys. And your -- I've worked with the SentinelOne agents, again, in different aspects in terms of the Kubernetes workloads and things like that. And again, when you're dealing with things like that in containers, you want something that's very, very, I guess, small and neat and stable. A very important word. And it's good -- it's something that I've seen in action and it works extremely well. So it's -- I think it's a good combination. And it's going to be an interesting partnership going forward. And in fact, I will say that integration with SentinelOne, as I think Everett, Neil and I have all said, SentinelOne is kind of a core tech that we all use, and it's a foundational tech. And therefore, when I look at other technologies, I actually look for it -- for whether or not it does integrate with SentinelOne in some way. And most recently, I was looking at mail security. And like that, we made our selection based on the fact that it integrates with SentinelOne of the criteria.

Oh, great.

Yes. I was going to jump in. In the marketplace, the integration, so it speaks well that I think SentinelOne plays well with others and trying to stitch together your security controls to make sure you've got the gap but also so the different controls you've got interact and work efficiently and in harmony is really important to us. So I don't know if Gartner called it out in any of their critical capabilities, but it is something that we look for to say how well will this sit alongside other controls. It's just a complex world out there.

Excellent. Fantastic information. Love this discussion. I'm going to move us along into, I think, what is probably the second to the last phase of our webinar. So I want to discuss a little bit about the MITRE ATT&CK evaluations. And you're thinking MITRE ATT&CK evaluations, why are you talking about that? That's -- we're talking about Gartner today. The reason why we are talking about this is because from what I understand and what I've talked to many people about that the MITRE ATT&CK evaluations are another type of proof point that leaders of security will look at in order to confirm their suspicions or their assumptions about vendors price assumption is probably a better word. And SentinelOne has shown continuous leadership for the last multiple years, 3, 4 years of our participation in the various evaluations. So I'll just summarize this very quickly with one slide, and then we'll talk to the panel about how you all are using MITRE. But if you look at the last 3 years, for instance, the enterprise evaluations, really what this gets down to is the reason for the test is identifying whether or not a product can automatically provide rich context without delay and without lots of changes. How does the product work in the real world? And does it essentially do a lot of the assembly of all of the puzzle pieces so that when the human begins to look at it, they can understand what's happening without having to do a lot of work. And if you look at what we've done in performance-wise, we really -- we've ranked at the top for the last 3 years, the ability for the tool to identify what the MITRE ATT&CK folks called techniques, which are the most complex, context-rich types of detections and coverage. So we are on top of the heap there. So the tool works. Second thing is Deception. Deception was what was called an evaluation trial. We were the only XDR vendor to participate in that. So this is part of our identity capability suite. And Deception is all about being able to observe, engage and deceive adversaries who may already be in your network. So please check that out. There's interesting information there. And we do have products that address that. As well as the situational awareness that one gets from a managed service such as an MDR and DFIR offering. What is the customer experiences is really the main point of that evaluation? And it's not about giving the customer massive amounts of information and have them figure out. It's can the service provide situational awareness as to what is happening so that we can work together to expel the adversary. And to Owen's point earlier, he got that 4:00 a.m. call, and it was our eyes and ears looking at his console and then saying, Owen, we've got an issue going on. We need your help in looking at it. But everything else is taken care of by the MDR team in normal situations. So I'd like to just discuss quickly in our second to the last panel discussion is how do you leverage MITRE ATT&CK in your decision-making process? Everett?

I can jump in here. So this actually comes into the last part of our conversation when we were talking about all the tools together they're really using to detect threats in the environment. But this is a framework that we use for security operations to evaluate and continue to mature our program. And do the CDs results, how they match up with the SentinelOne. Once again, it's a foundational product, but more than that, it's how do all the other tools interact? How do the integrations interact? How does our response work to address all these items. So for us, it's a good data-driven way to see how we're doing and how we can continue to mature and just know what type of visibility we have into the environment.

And I mean what I'd add to that is, I guess, the difference between the MITRE ATT&CK evaluation and the Gartner critical capabilities is Gartner critical capabilities is more like an audit. So it's basically, do you do this? Yes, we do, et cetera, whereas the MITRE ATT&CK attack evaluation is more like a pen test. It's basically testing whether or not your product can actually achieve these goals. And that -- so to me, it provides a more valuable input in terms of understanding whether you've got the right tool for the job.

I'll add one thing that a lot of companies that have more rigid processes for evaluations are seeing that this will be used. I've seen many very complex spreadsheets with list of results and how each participant in an evaluation responds to this framework.

If I can jump in. I mean, we didn't use it as much an evaluation of SentinelOne we are using it now. But what we find very valuable is that when you see an event or a threat in Sentinel when it links it back to the MITRE TTP so we can then start to see over time, are there specific attacks that are coming in or what's that telemetry like. And we can start to maybe look upstream and downstream. And the other thing is that we know that some of the big threat actors there, be it Maze or TrickBot, there are signatures published by the threat analysts about what tools they use. So straight away, we can say TrickBot has attacked someone? Are we at risk or would SentinelOne be able to cover that. So when the Board comes to you and says, hey, these guys have been hacked, could that happen here? You're in a position where you can give a fairly confident answer quite quickly, and that's good because nobody likes to see someone who goes "Let me get back to you on that". That doesn't instill confidence.

Right.

So the fact it's baked into the product is really powerful for us.

And what I would say is, as well, adding to that, is going back to Neil's point earlier about getting -- bringing resources into the team and training them up, it's actually fantastic when you bring in junior resources that you can link back to those MITRE TTPs and they can develop a much greater understanding of what's actually involved in these kind of attacks. That in and of itself is a value.

Yes. And I would think that the MITRE folks would be really happy to hear that because that's one of their objectives is about education. What do we mean by the behaviors that lead to bad situations. And what they're doing is they are defining each of the core components that when you link them together in some sort of a chain, you can describe malicious actions and malicious actor's techniques, right? That's what it's all about. So a fantastic point. Shall we move along because we're getting towards the end here. I'm just -- I just have really a couple of things to say about SentinelOne, and then we'll do one more discussion. If there are any questions, please put them into the Q&A, happy to try to answer them. SentinelOne, we've been around for about 10 years. We have over 9,250 customers that run the gamut from the largest organizations on the globe to commercial organizations of a few thousand people. We have a very healthy MSSP business. So we essentially are running the gamut from all sorts of different types of organizations. And hopefully, what you took away today was that our platform adapts to skill levels of all different types and can fulfill all sorts of different needs as well as gets you into a place where you can begin to think about consolidating some of the 50 or so security tools that you may have in your arsenal. I'm not going to spend a lot of time on this, but the security platform is built on what we call the security data lake, which provides a mechanism to ingest both the native data we have coming from our different software componentry out there that may be running on all sorts of different OSs as well as the ability to pull in data from some of our integration partners so that you can get a more singular view of what is happening from a security standpoint. We provide EPP, EDR and XDR capabilities. As mentioned, we have very robust dynamic security for cloud, and this new partnership with Wiz will extend that into posture management. We have identity capabilities that help you understand where some of the problems are in your active directory and your Azure AD as well as identifying when a situation occurs, where an identity has been stolen and is being misused internally. And all of that is complemented by a -- not only a product support organization, but also a threat services organization that delivers MDR and IR services. And I'm going to go ahead and leave it at that. But I would like to kind of wrap it up with the panel as to what's different about SentinelOne, Neil?

I think we've already -- we've probably already talked about the partnership, it's a great open honest relationship. I mean the technology is there, you look at SentinelOne Labs, you look at the watchtower reports and some of the research you're doing, the depth and complexity of the product. That's great. And that's an entry to the game, if you like. But what sets us -- what sets SentinelOne out apart from some of our other vendors in the sector is that partnership. It's the win-win. He's not selling a product. It's selling an outcome and letting us sleep at night. So I think more power to you guys and carry on doing what you're doing?

Fantastic. Anybody else?

I would add in, I think, 3 words over the side kind of form it up, but it's just the partnership and the culture, the pushy sales tactics aren't there. So I'm actually more likely to take calls from SentinelOne because I know at that point, it's -- if you're trying to show me a product or a feature, it's not going to be like an immediate sales push after that. So just the culture around it and looking for those outcomes, like Neil mentioned, is something that's always resonated with me.

Yes. I mean I'll sum it up by saying very simply that the SentinelOne team are guys I would generally quite happily for a beer with.

That's excellent. Any other closing comments, observations? Anything we've left -- any stone we've left on turn. We've covered a lot of ground in this webinar. And I really thank each of you for taking the time. You all are -- you're very busy. You've got a lot of responsibility. It really means a lot to us that you take the time to help communicate that to the -- all the folks on this call. So I guess with that, we will close it up. Everybody who's on the call here, you can go to s1.ai. We have a number of different links. The first one is gartnerCC, where you can get -- it will lead you to the page where you can get the critical capabilities report. And then the s1.ai/GartnerMQ page is the landing page for getting access to the full PDF of the MQ report. If you would like, please feel free to request a demo, engage with us. Drop us a line. Let us know what you need, what other information you need. We'll follow up with you. Happy to answer any questions. Again, we've covered a lot on the call today. But the gist of this is that SentinelOne is not only a visionary, but we are meeting market fit. We have customers that are coming to us, they stay with us, they invest more, and we couldn't be happier by that. We're helping customers solve true problems in their environment and we would love to talk to you more about that. So with that, thank you all, each of you, Neil, Owen, Everett, and thank you, Chris, for the backup. It looks like my Internet worked the whole time. I want everybody to have a great day, and thank you very much.