Automated endpoint security company SentinelOne has acquired Scalyr, a log management and data analytics platform, for $155 million in equity and cash.
Scalyr, founded by former Google executives Steve Newman and Steven Czerwinski, offers a software-as-a-service solution that incorporates log aggregation, search and analysis, server metrics, dashboards and alerts, and external monitoring. Its core event database feature, according to the company’s website, is designed to pull data from a wide variety of sources, including an agent installed directly onto customer servers to collect logs and server metrics, Scalyr’s own monitors that can probe servers or import Amazon cloud metrics, and an SSL-based Application Programming Interface.
SentinelOne claims the technology will allow it to eliminate most data schema requirements and offer an XDR platform that can ingest logs and other unstructured data in real time from virtually any source or database, something the company is keen to incorporate into its extended detection and response platform.
SentinelOne Chief Operating Officer Nick Warner said in an interview that the “magic” behind Scalyr’s solution lies in its ability to query unstructured data as it’s being indexed, something that could save precious time during threat hunting and detection activities. He also said company executives were attracted to a number of core capabilities in Scalyr’s solution that they believe will help differentiate them in the automated detection and response market: namely, its ability to ingest data from any source, regardless of format or type, to process that data at the same kind of speed as attackers, and to do it at scale.
“We evaluated the market and it became clear to us pretty quickly that Scalyr was the only [company] that existed in the world that was acquirable and had this type of technology,” he said.
Warner said in addition to incorporating Scalyr’s tech into Singularity, SentinelOne’s enterprise protection platform, SentinelOne plans to keep all of the approximately 50 Scalyr employees on staff, where they will continue to operate as a separate business unit serving existing customers “over the short term and long term.”
The company has an aggressive timeframe for integrating Scalyr’s capabilities into Singularity, saying customers should expect to see “a major, major evolution” in extended detection and response capabilities by summer 2021.
Larger enterprise customers, Warner said, “really explained to us that at the end of the data, security is a data challenge, and if you can crack the code on analyzing, adjusting and taking action on data better and faster than anyone else, then that’s going to be an enormous advantage for us in the market…and that’s what we feel like we’re solving for with Scalyr.”
Managing and processing voluminous log data is often cited as one of the most difficult tasks for businesses on the lower end of the security maturity spectrum. Alyssa Miller, Business Information Security Officer for S&P Global Ratings, told SC Media last month that companies that are less security-focused routinely underestimate the vast amount of data their IT assets produce on a daily basis and often lack a strategy for processing it.
“If you’re going to do this right from the start, you would really have to be thinking from day one as you start to spin up a network, ‘how am I going to manage all of the log data that comes from this network?’” she said. “And that’s where no one ever begins, ever. That’s the last thing someone’s thinking about when they’re going to start creating a network.”
Meanwhile, a number of security vendors told SC Media late last year that a lack of standardized data formats is one of the biggest inhibitors preventing companies from further automating low-level threat intelligence data sorting. In the SANS 2020 Annual Cyber Threat Intelligence survey, nearly half (47.8%) of participants cited lack of interoperability and automation issues as roadblocks to implementing effective threat intelligence programs.