KPMG adds SentinelOne to cybersecurity

https://www.businesswire.com/news/home/20220125005763/en/

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–
SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced that KPMG LLP’s (KPMG) Cyber Response Services team will use SentinelOne’s Singularity XDR platform to accelerate investigations and response to cyberattacks. KPMG is also leveraging SentinelOne for compromise assessments across its customer portfolio.

“The magnitude of cyber incidents that we encounter requires a combination of leading technology and strategic services to effectively mitigate risk,” said David Nides, Principal, KPMG. “These incidents come with high pressure, compressed timelines, and the potential for significant financial and reputational losses. SentinelOne’s Singularity XDR platform can help accelerate the identification of and response to advanced threats.”

The KPMG Cyber Security Services team has been involved in many of the most high-profile breaches worldwide. KPMG can utilize SentinelOne’s Singularity XDR platform and Storyline Active Response (STAR) technology in incident response cases. SentinelOne’s AI-powered technology provides threat mitigation, remediation, and ransomware rollback capabilities.

Following SentinelOne’s 2021 acquisition of Scalyr, a leading cloud-scale data analytics platform powering SentinelOne XDR, KPMG is also leveraging the technology to rapidly ingest, correlate, search, and action data. This provides instant insights into endpoints anywhere in a centralized location.

“Milliseconds matter in breach situations. Incident response underscores the criticality of SentinelOne’s autonomous platform, which delivers machine-speed visibility, protection, and response,” said Nicholas Warner, COO, SentinelOne. “It’s an honor to be included in KPMG’s Cyber Security Services incident response capabilities and to enable global organizations to effectively prevent as well as respond to sophisticated attacks through and with the experts they trust.”

https://advisory.kpmg.us/content/dam/advisory/en/pdfs/cyber-…

I did find on Page 7: Microsoft, CrowdStrike, and 5 other EDR vendors are already included, prior to SentinelOne’s addition.

38 Likes

Came across a VentureBeat article that delivered much greater detail about SentinelOne’s addition to KPMG.

My takeaway is that SentinelOne appears to be KPMG’s newly preferred choice when it comes to incident response…even though other vendors have been their partners for a long time prior.
I couldn’t find, on a search, KPMG speaking highly of its other partners in the past. I did find KPMG used CrowdStrike for the SolarWinds investigation, but that was way before July 2021, when SentinelOne actually became its partner.

I am really impressed by KPMG’s high praise for SentinelOne’s XDR. Looks like the better AI/automation that SentinelOne frequently touts is truly a differentiating advantage.

https://venturebeat.com/2022/01/25/sentinelone-xdr-enables-g…

“SentinelOne told VentureBeat that it now has more than 130 incident response (IR) partners in total, up from 29 at the beginning of 2021.

Revenue from IR partners grew by four times last year, compared to the year before, said Nicholas Warner, chief operating officer at SentinelOne.

KPMG’s cyber practice employs 550 security professionals in the U.S. and 5,000 globally, and the firm has been using SentinelOne’s extended detection and response (XDR) technology to aid its investigations of data breaches.

In particular, XDR technology from SentinelOne’s acquisition of Scalyr last year has proven to be a “game changer” in terms of automating and accelerating KPMG’s IR work, said David Nides, principal for cyber response services at KPMG. The technology provides “everything in a centralized location for you to query — and to ultimately answer the questions that need to be answered,” Nides told VentureBeat.

KPMG became an IR partner of SentinelOne last July, though the partnership was not disclosed until today.

While less than 5% of organizations are using XDR today, that’s expected to climb to 40% by 2027, according to a recent report from Gartner.

At KPMG, bringing automation to this process helps to scale the firm’s collection and review of artifacts, Nides said.

The capabilities are critical for investigations of companies that hadn’t been using an endpoint detection and response (EDR) tool, he said. The Scalyr-powered SentinelOne XDR platform essentially allows investigators to “go back in time to answer these really important questions,” Nides said.

While a growing number of vendors have begun offering XDR, when it comes to IR use cases such as this, Nides said that the SentinelOne platform with Scalyr’s technology is the first truly “commercial” version of the capability that he’s seen.

The bottom line for KPMG, Nides said, is that the technology is helping the firm to “do more incident response.”

“There’s a war for talent. And as important as people are in this process—I don’t think you’re ever going to entirely be able to replace people [in IR]—it’s about doing more with the people that you have,” he said. “Having technology and automated processes like this just allows us to take on more engagements.”

30 Likes

Hi Jon, Thanks for your post.

I felt I should reply as I was one of the first posters about CrowdStrike on this board, and at one point in time it was the largest position in my portfolio. I kind of knew what CrowdStrike was doing well before their IPO, as some of my friends from MSFT went on to work for CrowdStrike, and that got me intrigued about what they do.

Here are a few things I would like to point out, and I’ll be as non-technical as possible…

The hype about XDR (Extended Detection and Response): This term was coined by Nir Zuk of Palo Alto Networks, but recently many companies are talking about XDR as if it’s their USP :grinning:.
I think I wrote in one of my replies here ( or on twitter) that I have slightly reduced my present allocation in SentinelOne and Crowdstrike from 3:1 to 2:1.

Here’s why…

#1: A lot of security breaches happen in cloud workloads as a result of cloud misconfigurations, but somehow I don’t see that being addressed by SentinelOne.

#2: I’m not sure if you have seen some of my earlier posts on CrowdStrike, but I had written about their lightweight agent and the ease of their onboarding and deployment process, and I think that still holds true. If that process is burdened with false positives and a delay in reaching an optimization phase, it can be a burden and expensive for a customer.

#3: With security being very granular these days, vulnerability management needs to be integrated into CI/CD while supporting Kubernetes with EKS, AKS, and GKE, including support for AWS Fargate serverless compute containers, etc. I’m not sure how well these are supported by SentinelOne.

#4: Zero Trust: I don’t think that SentinelOne has native support for identity protection. Today almost 80% of breaches are identity related.

#5: Alerts that fire all the time can become a nuisance (I’ve first-hand experience of that, and it’s also hard to tune those down just in case they were not false positives; kind of a catch-22 situation). So each alert must have good context from any threat AI algorithm, so that consumers don’t have to spend effort in prioritizing those. Else, you would need a lot of human effort in prioritizing and resolving those. I feel a lot of those incident response vendors have trained personnel who help in that effort, and they must be incentivized to do that.

Someone had asked me off-board what I liked about CrowdStrike, and the above was my response; I thought it would be helpful for the board members/visitors as well :grinning:.

Nevertheless, I still have 2x more invested in SentinelOne, as I feel they are a smaller company, growing revenue faster, and with the security tailwinds and budgets they will do better in the near term compared to CrowdStrike. And to be honest, I don’t know who would be the top dog two years from now, but the CISA endorsement and the CrowdXDR Alliance are advantages that CrowdStrike has.

Cheers!

ronjonb (@ronjonbsaas on twitter)

P.S. CrowdStrike vs. SentinelOne is the perfect case where I’m skeptical about going all in on one. That’s why I like calling it my Security Basket (Zscaler 20%, SentinelOne 10%, CrowdStrike 5%).

53 Likes

Came across a VentureBeat article that delivered much greater detail about SentinelOne’s addition to KPMG.

JonWayne,
That post with the quotes from the Principal for Cyber Response Services at KPMG about their partnership with SentinelOne is a real gem.

I also loved these two quotes from Sentinel:

SentinelOne told VentureBeat that it now has more than 130 incident response (IR) partners in total, up from 29 at the beginning of 2021.

Revenue from IR partners grew by four times last year, compared to the year before, said Nicholas Warner, COO at SentinelOne.

Saul

26 Likes

Somewhere up in this thread I had mentioned…

#2: I’m not sure if you have seen some of my earlier posts on CrowdStrike, but I had written about their lightweight agent and the ease of their onboarding and deployment process, and I think that still holds true. If that process is burdened with false positives and a delay in reaching an optimization phase, it can be a burden and expensive for a customer.

Well, here’s a recent example to support that… some of the bolding is mine, and I’ve provided the link to the actual case study if you’re interested.

Phoenix, the fifth largest city in the U.S., deployed CrowdStrike’s world-class endpoint security and services to protect diverse infrastructure.

"When Shannon Lawson, CISO at the City of Phoenix, told senior city managers about the costs associated with ransomware attacks on Atlanta and Baltimore, it was the kickstart they needed to support a comprehensive review of the city’s security posture.

The City of Phoenix is the municipal government for Phoenix, the fifth largest city in the U.S. It provides about 1,600,000 citizens with a wide range of public services including water, police, fire and housing, and employs 13,000 staff across diverse and often autonomous operational units."

Choosing CrowdStrike was a No Brainer

Lawson conferred with several other public sector organizations that had deployed CrowdStrike. However, it was not until the city ran a trial that the real power of the CrowdStrike Falcon® platform and Falcon Complete™ managed detection and response (MDR) service became apparent. Lawson likened his initial experience of evaluating CrowdStrike to the movie Aliens when the crew scans the spaceship and watches, mesmerized, as the alien gets closer and closer. “We set up CrowdStrike to monitor our environment and witnessed the launch of a keyboard attack targeting our externally-facing PeopleSoft servers,” explained Lawson. “CrowdStrike immediately detected the threat attempt and before anything malicious could occur, we were able to shut down the servers. The CrowdStrike team then calmly walked us through the resolution process and helped ensure that the servers couldn’t be compromised in this way again.”
“Bam! Right off the bat, CrowdStrike delivered and then some. Choosing CrowdStrike was a no brainer for us all,” Lawson said. “Everyone was sold.”

Rapid Deployment, Rapid Returns

The city deployed a broad selection of CrowdStrike products, using the Falcon platform to deliver widespread capabilities, including EDR, next-generation antivirus protection, IT hygiene and vulnerability management. To offset the industry-wide shortage of security expertise, especially in the public sector, Lawson implemented CrowdStrike Falcon Complete MDR and purchased a CrowdStrike Incident Response Retainer. Starting with the pervasive information technology services (ITS) group, CrowdStrike was rolled out across the city’s environment and immediately onboarded, in less than 24 hours, by the Falcon Complete team.

“We were operational right off the bat,” Lawson said. “Some vendors make products that are unnecessarily complicated and need a PhD to understand. Falcon is not one of these. Ramp-up time is minimal for something this sophisticated. It has a very intuitive interface that accelerates analyses and the amount of information it gives us is unreal. Really, it’s that good!”

To maintain continuous protection, CrowdStrike was implemented on endpoints prior to the city’s legacy security application being uninstalled. In some instances, a third, well-known endpoint security tool also had been running in parallel on the same device. “We had the perfect trifecta on some of these systems to do a meaningful three-way comparison,” Lawson said.

Reference: https://www.crowdstrike.com/wp-content/uploads/2021/10/crowd…

Cheers!

ronjonb (@ronjonbsaas on twitter)

22 Likes