ChannelLife US - Industry insider news for technology resellers
United States
Global managed cybersecurity partnership incident response puzzle
#
Ransomware
#
SIEM
#
Cloud Security

LevelBlue & SentinelOne expand global security tie-up

Tue, 24th Mar 2026
Author image
By Mark Tarre, News Chief

LevelBlue and SentinelOne have expanded their strategic partnership to deliver joint managed security operations and incident response services worldwide. Under the agreement, LevelBlue becomes SentinelOne's preferred global partner for managed detection and response, managed SIEM and incident response.

The partnership combines SentinelOne's Purple AI and Singularity Platform with LevelBlue's Indigo security platform, threat intelligence operations and digital forensics capabilities. It is designed to connect detection, investigation and response across endpoint, cloud and identity environments.

SentinelOne will provide the data ingestion, normalisation and analytics layer, while LevelBlue will run MDR, SIEM operations, incident response and orchestration through its global managed extended detection and response operations. The structure is intended to give customers a single operating model rather than a collection of separate security tools and services.

Service model

The agreement expands an existing relationship and gives LevelBlue preferred partner status across several SentinelOne service areas, including managed detection and response, managed security information and event management, and incident response for organisations dealing with cyber attacks and other security incidents.

The companies are targeting businesses that want a closer link between automated alerting and human-led investigation. In practice, the combined service brings together AI-led analytics with analyst triage, forensic investigation and remediation support.

Customers will be able to use integrated MDR and AI SIEM operations, with escalation into incident response when needed. The offering also extends coverage across prevention, detection, response and recovery, and is designed to reduce the number of separate tools in use.

Incident response

A central part of the deal is LevelBlue's role as SentinelOne's preferred incident response provider. LevelBlue has a global team of more than 300 digital forensics and incident response professionals, with experience in ransomware investigations, nation-state activity and large-scale breach response.

Its incident response services also include CREST-certified teams, retainer options and readiness services designed to help organisations prepare before a breach occurs. That gives SentinelOne customers a defined path from detection and analysis to hands-on containment and recovery support.

"Threat actors are moving faster and operating with increasing sophistication. By combining SentinelOne's AI-driven detection with LevelBlue's global AI-driven MDR and incident response expertise, we're enabling organisations to move from fragmented tools to a more unified, outcome-driven security strategy," said Bob McCullen, Chairman and CEO of LevelBlue.

Market context

The partnership reflects a broader shift in the cyber security market as vendors and service providers try to simplify security operations for customers facing rising alert volumes, skills shortages and increasingly complex attack paths. Many organisations now run a mix of endpoint, identity, cloud and network security tools, leaving response teams to work across disconnected systems.

By linking telemetry from different parts of the technology stack with continuous monitoring and analyst review, the service is intended to improve visibility in hybrid environments and shorten the time between an initial signal and action by an incident response team. The approach is also expected to improve the signal-to-noise ratio through analytics and curated threat intelligence.

For SentinelOne, the agreement extends the reach of its software through a managed services partner with a large operational footprint. For LevelBlue, it deepens ties with a platform provider that has been building AI-led security analytics alongside endpoint, identity and cloud monitoring.

"Organisations don't need more controls, they need outcomes. As the world's largest pure play MDR provider, LevelBlue brings the scale, expertise, and operational rigour required to turn AI-driven insights into decisive action. Together, we're helping clients with all heavy lifting, to modernise security operations and stay ahead of evolving threats," said Tomer Weingarten, CEO of SentinelOne.

SentinelOne says its platform is used across endpoints, identity and cloud environments, and is deployed by nearly one-fifth of the Fortune 500 and hundreds of Global 2000 enterprises.

Related stories
Rithum launches SupplyExplorer to speed supplier discovery
HiDock launches P1 AI voice recorder with HiNotes 3.0
IWF & Cyacomb launch workplace abuse material scans
Cork Cyber adds automated mapping to Vantage platform
Opera launches Browser Connector for ChatGPT & Claude

Top stories

FIRST conference highlights AI & CVE disclosure push
OpenAI expands Codex with desktop & workflow tools
Blancco, ERI & Start Campus tout greener IT
Sound Devices unveils Astral Mini Plus & software updates
Anthropic shifts enterprise billing to token-based pricing