SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

LevelBlue & SentinelOne expand security partnership

Wed, 25th Mar 2026

LevelBlue and SentinelOne have expanded their global strategic partnership to cover managed security operations and incident response services.

Under the agreement, LevelBlue will serve as SentinelOne's preferred global partner for managed detection and response and managed security information and event management services. It has also been named a preferred incident response provider, extending the relationship beyond detection and monitoring into breach containment, investigation and recovery.

The partnership combines SentinelOne's Purple AI and Singularity Platform with LevelBlue's Indigo platform and threat-intelligence-led operations. The aim is to link data analysis, monitoring, investigation and response across endpoint, cloud and identity systems in hybrid technology estates.

For customers, the tie-up is intended to reduce the time attackers go undetected inside networks and shorten the path from alert to remediation. For channel partners and service buyers, it is being positioned as a single operating model that combines AI-based analytics with human-led triage and incident handling.

Preferred Roles

As a preferred partner, LevelBlue will take a formal role in delivering services around SentinelOne's technology. SentinelOne will provide the underlying data ingestion, normalisation and analytics layer, while LevelBlue will handle investigation, response and service delivery through its global managed extended detection and response operations.

The arrangement reflects a broader shift in the cyber security market, as software suppliers and managed service firms increasingly try to present more integrated offerings. Many large organisations now use multiple security tools across on-premises systems, cloud workloads and employee identities, increasing pressure to connect detection systems with operational response teams.

Indigo will orchestrate security operations across customer environments alongside LevelBlue's threat intelligence and digital forensics work. SentinelOne's AI SIEM and analytics tools will sit beneath that layer, handling telemetry and event analysis.

Incident Response

A significant part of the expanded relationship centres on incident response. LevelBlue said it has a global team of more than 300 digital forensics and incident response professionals with experience in ransomware cases, suspected nation-state activity and large-scale breaches.

Its incident response work is supported by CREST-certified teams, retainer models and readiness services. Customers often use those services to put contractual support in place before a cyber attack, rather than trying to assemble specialist help during a crisis.

SentinelOne, which is listed in New York, has built its business around software for endpoint, cloud and identity protection, with a growing focus on AI-assisted analysis and automation. LevelBlue, a managed security services specialist, is using the partnership to deepen its role as an operator of security services built on third-party tools as well as its own platform layer.

Bob McCullen outlined LevelBlue's view of the market backdrop. "Threat actors are moving faster and operating with increasing sophistication," he said.

"By combining SentinelOne's AI-driven detection with LevelBlue's global AI-driven MDR and incident response expertise, we're enabling organizations to move from fragmented tools to a more unified, outcome-driven security strategy," McCullen said.

Market Pressure

The announcement comes as companies face pressure from rising alert volumes, more complex computing estates and tighter scrutiny of cyber resilience. In that environment, vendors and service providers have sought to reduce the number of manual steps between identifying suspicious activity and acting to contain an incident.

One challenge for security teams is the gap between high volumes of telemetry and the operational decisions needed to investigate and stop attacks. Security information and event management systems can gather and correlate data from many sources, but customers often still rely on external specialists to interpret alerts, prioritise risks and lead incident response.

The LevelBlue-SentinelOne arrangement is designed to close that gap by tying analytics and managed operations more closely together. The combined model is intended to support earlier threat identification, improved signal-to-noise ratios, escalation into incident response and broader coverage across prevention, detection, response and recovery.

Tomer Weingarten described the rationale from SentinelOne's side.

"Organisations don't need more controls, they need outcomes. As the world's largest pure play MDR provider, LevelBlue brings the scale, expertise, and operational rigor required to turn AI-driven insights into decisive action. Together, we're helping clients with all heavy lifting, to modernize security operations and stay ahead of evolving threats," Weingarten said.