Differentiation beyond native AWS security and AI services
AWS already offers core security and AI services like Security Hub, Security Lake, and native AI tools. SentinelOne’s view is that the real value comes from connecting those signals across environments and acting on them together, not treating each one separately.
Nick Davis, Sr. Director Product Management, Cloud Security and Exposure Management at SentinelOne, explained to ChannelE2E:
“SentinelOne's multi-surface solution recognizes that most cloud breaches don't start in the cloud. It defends against holistic attacks from endpoint to cloud, securing production environments across multiple cloud providers (AWS, Azure, GCP, Oracle, Alibaba) and hybrid environments. SentinelOne's autonomous SOC platform leverages AI both to secure AI usage and for security itself. Observo's AI-powered data pipeline ensures customers ingest only the necessary security data. Once in SentinelOne, Purple AI offers benefits like natural language querying, auto-triage, and agentic workflows via the MCP Server.”
“SentinelOne differentiates itself by prioritizing seamless integration, bidirectional data flow, and open data standards. This strategy maximizes customer flexibility in choosing where security data is stored, streamed, and analyzed. A core element is the deep synergy between SentinelOne's Singularity Platform telemetry and data from strategic partners like AWS. This combined intelligence provides significant security advantages through enriched context and correlations, powering sophisticated threat detection and response across the entire modern attack surface, including cloud, endpoint, identity, and AI systems.”
Unifying AWS security data inside Singularity AI SIEM
The new integration with AWS Security Hub allows prioritized findings to stream directly into Singularity AI SIEM, where they can be correlated with endpoint, identity, and AI telemetry. Instead of responding to cloud alerts in a silo, security teams gain a consolidated view that supports faster investigation and automated response.
Expanded Amazon CloudWatch integration builds on the same idea. By enabling bidirectional data flows aligned to the OCSF standard, SentinelOne allows customers to pull operational and security data into Singularity for correlation, or push enriched security data back into AWS services for storage and analysis. Support for AWS IAM temporary delegation further reduces setup complexity, helping customers reach usable outcomes faster while keeping IAM control inside their AWS accounts.
The focus here is operational continuity: fewer handoffs, fewer blind spots, and less manual work stitching signals together.
What Purple AI MCP really means for Security Providers
One of the more nuanced announcements is the availability of Purple AI MCP Server in AWS Marketplace. SentinelOne is explicit that this is not a resale motion.
As Davis explains, “Purple AI MCP is not a product for our partners to resell to end customers, rather it is an open source solution freely available on AWS Marketplace and our GitHub. The Purple AI MCP Server provides secure access to the full context of the Singularity Platform, allowing access to any tool you wish to use. Partners can build their own custom AI agents using frameworks (like Amazon Bedrock, OpenAI AgentKit, Google's Agent Development Kit), giving them the full context and analytical power of the SentinelOne platform to make decisions. Purple AI MCP is designed to empower builders and MSSP partners who want to push what’s possible with agentic AI, enhance their integrations, uplevel their services, and drive AI into their service delivery.”
Rather than packaging Purple AI as a fixed feature, SentinelOne is enabling MSPs and MSSPs to embed SentinelOne context into their own AI workflows. This approach shifts value creation toward service design and differentiation, not license pass-through.
Observo AI and AI SIEM as monetizable platforms
Where MSPs and MSSPs can drive direct revenue is through Singularity AI SIEM and Observo AI, particularly as customers reassess legacy SIEM deployments and data costs.
Davis sees these components as a foundation for higher-value services: “With Observo AI and Singularity AI SIEM, MSSPs have a unique opportunity to offer customers a better platform on top of which they can provide valuable security services. They can deliver new offerings, helping clients consolidate various data into a single data lake, improve or replace costly, complex legacy SIEM systems, and develop premium ‘data-as-a-service’ products that monetize data and deliver advanced security analytics.”
Performance and scalability are part of that equation. SentinelOne recently introduced a major query scalability upgrade, which Davis positions as an enabler for faster deployments: “SentinelOne recently released a 20x query scalability upgrade, meaning that AI SIEM is the industry-leading SIEM for query scalability and performance. Coupled with Observo, MSSPs can get customers deployed faster than ever and more efficiently than ever, ensuring they have all of the security data they need, and none that they don't.”
Data gravity, ingest costs, and long-term security economics
As AI-driven security operations scale, data gravity and ingest pricing become strategic concerns rather than procurement footnotes. SentinelOne is positioning its AWS Marketplace offerings as a way to redesign those economics.
Davis frames the impact this way: “The availability of these AI-driven security tools on the AWS Marketplace transforms an uncontrolled cost center, dominated by ingest fees and human labor, into a scalable, cost-optimized tool strategically built to deliver smart data management and AI-powered automation. Customers and partners should consider data gravity, ingest costs, and long-term economics when optimizing, architecting, and orchestrating.”
Observo AI plays a central role by filtering data before it becomes expensive: “Leveraging Observo AI, customers can filter high-volume, low-value logs to cheap cloud storage (e.g., S3) and send only high-priority, enriched data to the premium Purple AI analysis layer. Essentially eliminating ‘SIEM cost bloat’ by minimizing premium ingestion fees. You get maximum security outcome while spending the minimum possible on data ingestion.”
Running these components directly inside AWS also addresses data gravity concerns: “Co-location on the AWS Marketplace solves the Data Gravity problem. By deploying Purple AI and Observo inside the AWS environment, security teams eliminate massive cross-cloud data movement fees (egress) and latency issues, ensuring faster processing where the data lives.”




