Getty Images

SentinelOne reboots Scalyr as enterprise data platform

The cybersecurity vendor launches DataSet as a separate technology service from its core cybersecurity platform to help organizations manage and query large volumes of data.

Security vendor SentinelOne saw the need for data lake technology in February 2021 when it acquired cloud data analytics vendor Scalyr for $155 million.

Now SentinelOne has repositioned Scalyr as an enterprise data platform.

The vendor, based in Mountain View, Calif., has made the Scalyr technology a core element of SentinelOne's Extended Detection and Response (XDR) security platform that enables users to identify potential security risks.

A year after the acquisition, on Feb. 16, SentinelOne relaunched and rebranded Scalyr as DataSet.

The vendor's goal with DataSet is to provide an enterprise data platform that any type of organization can use to manage and analyze large volumes of data for analytics and operational applications, beyond just cybersecurity.

Organizations are increasingly realizing that there is a need to collect large volumes of data to gain insight to improve operations, IDC analyst Stephen Elliot said.

CIOs are taking this opportunity to invest in technologies that ingest massive amounts of data, apply analytics and drive answers to questions that transcend traditional IT silos.
Stephen ElliotAnalyst, IDC

"CIOs are taking this opportunity to invest in technologies that ingest massive amounts of data, apply analytics and drive answers to questions that transcend traditional IT silos," Elliot said. "We are seeing this across security, development and operations teams, and in some cases involving business analysts and product managers."

DataSet chasing the market need for data lake capabilities

Kevin Petrie, an analyst with Eckerson Group, said that while cybersecurity requires domain-specific expertise, the underlying math and processing methods of analytics applications are similar across different domains.

For example, Petrie noted that CloudOps engineers also need to process lots of data, much like cybersecurity professionals do for threat detection, in order to optimize operations.

"CloudOps engineers need help monitoring and optimizing containerized applications that run on hybrid, cloud and multi-cloud infrastructure," Petrie said. "To remove performance bottlenecks and meet service level agreements, they need to analyze the huge volumes of logs from these various components."

Meanwhile, Constellation Research analyst Liz Miller said that in her view, the value proposition of SentinelOne's XDR technology has always been its capacity to understand massive amounts of complex and distributed data to deliver a faster, more contextualized detection and response posture.

"If this capacity to crunch petabytes of data can also be put to work in the service of analytics beyond security, then we could be seeing some interesting use cases and applications," she said.

Screenshot of the DataSet enterprise platform
The DataSet enterprise data platform from SentinelOne provides capabilities that enable organizations to ingest data from multiple sources and then query it in real time.

How the DataSet platform works

SentinelOne realized in 2021 that it had to scale up its platform architecture for data in order to better manage the volume of security data it needed to help detect potential vulnerabilities. That's what led the vendor to Scalyr.

Rahul Ravulur, general manager for DataSet at SentinelOne, said the vendor evaluated different options for buying or building its own data lake analytics platform. After trying out Scalyr, SentinelOne liked the technology so much that it bought the company and has evolved it into an enterprise data platform.

Over the past year, Ravulur said, SentinelOne has continued to develop the Scalyr technology with usability and performance enhancements that have been informed by SentinelOne's own use of the platform.

Ravulur explained that DataSet is able to bring in both unstructured and structured data in an agnostic schema, meaning that it can take in any type of data format.

For data queries, DataSet has its own proprietary query engine that provides users with the ability to quickly query data. Over the query engine is a summary service that can provide real-time alerts and dashboards on top of the data lake data.

"We fundamentally believe that all types of data need to be analyzed in real time to actually get to the answers that an organization needs," Ravulur said. "Data is inherently not useful by itself; rather it is the insights in the knowledge that you can gain from it that make it useful."

Dig Deeper on Data management strategies

Business Analytics
Content Management