In a recent conversation with CRN India, Brian Lanigan, Senior Vice President of Global Partner Ecosystem, SentinelOne, delves into the company’s evolving partner-first approach, strategic focus on AI-driven cybersecurity, and the role of a unified global framework. He shares insights into how SentinelOne is empowering partners—from MSPs and MSSPs to GSIs and cloud hyperscalers—to navigate the complex cybersecurity landscape and deliver holistic solutions to customers. Lanigan also discusses the company’s growth outlook, the evolving role of partners in a SaaS-dominated world, the significance of the Global PartnerOne Program, and how SentinelOne is addressing emerging threats with innovations like Purple AI’s latest updates..
So first I would ask you about how the business has been in the last financial year and what are your projections for this one?
When we talk about our partner ecosystem, it includes everything, from cloud service providers like AWS and Google to cybersecurity-specific channels like incident response teams, cyber insurance, and legal firms, especially important in endpoint protection. One of our key strengths has been our partnerships with managed service providers (MSPs) and managed security service providers (MSSPs), who offer full-stack, outcome-driven solutions to their customers.
We’re a 100% channel-driven company, nothing we do is exclusively direct. We also work closely with value-added resellers, distributors, and strategic technology alliance partners. As we scale from endpoint protection into AI-driven data and cloud security, integrating technologies across the stack to drive customer outcomes is critical. Finally, we also focus on working with GSIs and SIs to round out our global partner ecosystem.
Do you think the role of partners has evolved over time? Initially, they primarily served as box movers, but they have since transitioned into value-added solution providers. How do you see their role continuing to evolve in the future?
The role of partners has definitely evolved and continues to be foundational to our growth. Our success has been—and still is—driven by our partners. What we’re now focusing on is identifying partners who are truly embracing the SaaS world, which spans endpoints, data, and cloud. In today’s ecosystem, it’s not just about individual components, but about how hyperscalers, value-added resellers, incident response firms, and managed service providers can work together seamlessly.
We’re aiming to build an interconnected partner fabric—because that’s when partners are most effective at securing customers. Beyond that, we’re looking at the added value we can bring, especially in the SIEM space, where services like data migration, dashboard customisation, and rule writing are critical. While technology plays a key role, services remain essential in terms of both capacity and capability.
Ultimately, we’ll invest in the partners who invest in us—those who dedicate resources, marketing support, and skilled services personnel. That’s where our focus will be.
How does the Global PartnerOne Program differentiate SentinelOne’s approach to partnerships, and what are the key strategies to ensure its success in diverse markets like India?
SentinelOne is a high-growth-at-scale company, and like with most rapid growth stories, different parts of the ecosystem were built at different times, often in silos. What we were missing was a unified partner framework—one that didn’t simply label partners as resellers, MSPs, or service providers.
With the Global PartnerOne Program, we wanted to shift the focus from labels to engagement. It’s built around how partners engage with us: are they selling on our behalf, managing SentinelOne environments, building on top of our platform like an ISV, or delivering services? Maybe they’re doing all of these.
The program brings everything under one umbrella with a shared set of terms and requirements. Each engagement type–sell, manage, build, and deliver–comes with its own set of expectations and corresponding benefits. This flexible, integrated approach helps us adapt to diverse markets like India, ensuring our partners have clarity, support, and value regardless of how they choose to work with us.
Would you like to discuss some of the challenges that your partners commonly face, as well as any issues that are unique to the Indian market?
One major challenge is simply knowing where to focus—how to make sense of what’s happening in the SIEM space, which is currently seeing a lot of disruption. For example, Splunk being acquired by Cisco has created waves—I was at Splunk for nine years—while other tools like Curator are being phased out.
Then you have newer solutions like SentinelOne taking a completely AI-driven approach to the problem, which is very different from traditional models. It’s somewhat similar to the shift I saw back when I first joined Splunk. Navigating these changes and understanding what will truly help the customer is a key challenge, and we’re working closely with our partners to support them through this journey.
Cloud security is another massive area, with huge market potential. But again, the focus needs to be on what can actually deliver real outcomes for customers—not just what sounds good due to strong marketing. There’s a lot of noise in this space.
As for the Indian market specifically, I haven’t heard of many distinct challenges from partners here, so it’s still evolving.
With AI playing a pivotal role in cybersecurity, how is SentinelOne equipping its partners to leverage AI-driven solutions effectively, both in terms of technology and training?
AI is definitely the buzzword right now, especially evident at RSA last week, where it was featured at nearly every vendor’s booth. But for SentinelOne, AI isn’t new. We built our platform using AI from the ground up.
Last year at RSA, we introduced Purple AI, which sits on top of our core platform. Its purpose is to help move toward an autonomous SOC, essentially enabling teams to manage security operations with fewer resources or extend the same team’s capabilities across a broader environment. This is critical given the shortage of skilled SOC analysts.
At this year’s RSA, we previewed the next generation of Purple AI. It will bring powerful new agentic capabilities that can be used with all data from your security operations center (SOC), whether it is native to our platform or comes from 3rd party SIEMs or data lakes.
So to sum up, there are two key ways we’re enabling our partners: first, by helping reduce the need for constant monitoring, less eyes on glass, while expanding coverage; and second, by streamlining how they can use data from across the entire SOC.
The 2025 Predictions report by Forrester estimated that cybercrime would cost a total of $12 trillion in 2025. In terms of your cybersecurity solutions, how are you working to address this challenge? Are you helping your customers strengthen their security posture to better protect against evolving threats?
Resilience is at the core of everything we do, it’s embedded in our culture. Our approach to cybersecurity starts with endpoint detection and response, which is crucial as the perimeter remains a key vulnerability. From there, we focus heavily on cloud security, covering workloads, containers, and ensuring that sensitive data like keys and certifications aren’t exposed in the public domain, which is a major risk area.
We’ve built our platform from the ground up on a cloud-native data architecture. This isn’t a patchwork of acquired tools with a strong marketing front, it’s a unified solution designed to deliver holistic protection. Everything connects seamlessly, from endpoint to cloud, and integrates into a SIEM to give customers complete visibility and control.
We also work closely with our partner community. When breaches happen, as we’ve seen recently in the UK, incident response teams often come in with SentinelOne at the core of their strategy. They use our platform to quickly secure the perimeter and the cloud, helping customers recover fast and avoid the devastating impact of threats like ransomware.
Do you have any particular partner programs exclusive for the Indian market?
There’s nothing specifically exclusive for the Indian market because everything we’re doing is designed to be globally applicable. If you look at the various go-to-market routes we’ve developed—managed service providers, ISVs, response firms, they all apply to India as well. In fact, India tends to adopt the full range of our offerings, sometimes even more so than other countries that may only adopt a subset. So while there’s nothing created solely for India, the programs are very relevant and well-adopted here.
What do you believe partners need to do to better align with your vision? Are there specific areas where you see room for improvement or greater collaboration?
What I really ask of our partners is to engage with customers with a mindset of perpetual curiosity, constantly exploring what more we can solve together. Traditionally, due to our background in endpoint detection and response, many partners tend to stay within that comfort zone. But there’s so much more we can offer to our shared customers.
For instance, let’s start asking about their cloud security journey, or their long-term SIEM (Security Information and Event Management) plans—because, honestly, no one is fully satisfied with their SIEM. That kind of ongoing curiosity helps us better serve customers together.
Secondly, we have a very strong partnership with AWS, which is never a replacement for the ecosystem, it’s AWS plus the ecosystem,so we always encourage partners to actively collaborate with their AWS counterparts. Can we jointly leverage the resources both of us get from AWS to drive pipeline, events, and campaigns together?
In short, stay curious about customer needs, especially around security, and collaborate more closely with AWS.
thank you for this