Security meets data management as SentinelOne acquires Scalyr for $155M
Cybersecurity provider SentinelOne Inc. today announced plans to acquire venture-backed data management startup Scalyr Inc. in a transaction worth $155 million.
Scalyr’s data management technology, SentinelOne says, will enable its customers to detect and respond to hacking attempts targeting their systems more effectively. The transaction could potentially also create market expansion opportunities for the cybersecurity provider.
Scalyr provides a log analytics service that collects operational data from information technology infrastructure and turns it into monitoring dashboards. For example, administrators can use Scalyr’s platform to build a dashboard that tracks application latency in real time. Scalyr’s service was not built specifically for cybersecurity use cases but has features that lend themselves well to that area and, by extension, to SentinelOne’s product plans.
SentinelOne sells a platform called Singularity that can detect threats across employee devices, servers and other endpoints. The platform catches breaches by analyzing operational data such as system logs for suspicious activity. Scalyr’s log analytics service can ingest such data quickly and from many kinds of systems, a capability that SentinelOne will harness to help Singularity detect threats more efficiently.
According to Scalyr, its service is capable of ingesting over 200 terabytes of information per day. That’s important for enterprises with a large number of devices because the more endpoints there are in a network, the more logs have to be scanned for malicious activity.
Another factor behind today’s acquisition: Scalyr lets administrators collect logs without having to define a schema manually to describe how the incoming information should be organized. That’s usually a requirement in large-scale data projects and is technically challenging. By eliminating that requirement, SentinelOne could enable its customers to analyze their security data more easily.
Scalyr similarly does away with the need to create database indexes. After administrators organize their information by defining a schema, they usually also have to build an index, essentially a collection of information shortcuts that helps the database find and fetch records faster in response to queries. Scalyr’s service eliminates this step, which makes query-heavy tasks such as data breach investigations easier.
“Scalyr’s big data technology is perfect for the use cases of XDR [extended detection and response], ingesting terabytes of data across multiple systems and correlating it at machine speed so security professionals have actionable intelligence to autonomously detect, respond and mitigate threats,” said SentinelOne Chief Executive Tomer Weingarten.
The company elaborated in its acquisition announcement that “SentinelOne’s data services team will continue offering log management, observability and event data cloud solutions in conjunction.” That might give SentinelOne an opportunity to expand beyond cybersecurity to adjacent markets where log analytics tools are commonly used. On its website, Scalyr states that its platform lends itself to monitoring applications’ hardware utilization, tracking the health of cloud environments and a variety of related tasks.
There are already competitive overlaps between the cybersecurity and IT observability markets. Multiple publicly traded data management companies, among them Elastic NV and Splunk Inc., compete in both segments.
Photo: SentinelOne