Sean Roth, Director, Product MarketingIn today’s highly connected world, endpoint security is a huge concern for CIOs as many employees use their personal devices to connect to the corporate environment, and using corporate endpoints outside of the organization’s network, in an increasingly mobile fashion. Besides, the increasing number of endpoints has made it difficult for organizations to track internal threats—such as those that rely on fake or stolen credentials to move between different Virtual Private Network (VPN) connections, source Internet Protocol (IP) addresses, and machines. Enterprises often try to layer new tools and point solutions on the top of legacy endpoint technologies and obsolete antivirus software which increases the complexity as well as adds to the business costs. In such a scenario, SentinelOne, a company based in Palo Alto, California, is providing next-generation endpoint protection in a single platform. “Our platform unifies prevention, detection and response capabilities in protecting both user endpoints and critical servers across all major attack vectors,” states Sean Roth, Director, Product Marketing, SentinelOne.
Frequently, servers that support business-critical applications witness a tradeoff between security and performance. Many enterprises tend to not replace their antiquated antivirus solution which consumes large amounts of CPU cycles as it runs file scans and signature updates. Others resist deploying any kind of dedicated server security solution for fear of not meeting critical SLAs due to performance degradation. On the other hand, SentinelOne’s offering requires no signature updates or file scans, thereby consuming less CPU power. The tool employs a uniquely architected agent, which performs out-of-band monitoring of system activity without creating any noticeable performance degradation. Additionally, the platform protects against both known and unknown threats, unlike antivirus software which is effective only against known file-based malware. SentinelOne’s solution enables enterprises to protect themselves against advanced malware, exploits and insider attacks while preserving valuable server performance.
SentinelOne’s underlying endpoint protection technology is behavior-based. The SentinelOne agent monitors all activity both in kernel and user space: processes, memory, registry, and network. Each agent leverages SentinelOne's Dynamic Behavior Tracking (DBT) Engine which utilizes sophisticated machine learning to detect threats against a full context of normal application and system behavior.
Our platform protects both user endpoints and critical servers across major attack vectors
In addition, the platform allows users to investigate threats with detailed forensics reports and attack visualizations based on data sent from the agent to the SentinelOne management console in real-time. This facilitates clients to have a 360-degree view of an attack, mapping its point of origin and progression across endpoints and other systems for complete forensic insight.
SentinelOne’s Endpoint Protection Platform is effective in protecting endpoint systems and critical servers across different types of organizations. In order to better serve specific verticals, the company has certifications for regulatory compliance and was recently Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS) certified. “Beyond compliance, the SentinelOne EPP offers enterprises intelligent threat response capabilities. Admins can create custom mitigation policies as required by the different categories of endpoint and server devices under their management,” explains Roth.
In an instance, the firm assisted a global cosmetics manufacturer to deploy SentinelOne EPP across 3,000 user endpoints, replacing McAfee antivirus. The client was bogged down with desktop support work, reimaging 8 to 10 laptops per week that were being attacked by ransomware. With SentinelOne’s ability to detect and remediate ransomware attacks, the instances of ransomware infections plummeted to almost zero, saving the company over 70 man-hours of internal user support work.
Having just announced an industry-first Ransomware Cyber Guarantee just prior to the annual Black Hat event in Las Vegas, the company has exciting plans for the future. “We will continue to enhance our behavior-based threat detection and broaden our enterprise features, along with the number of different endpoint and server platforms we protect,” concludes Roth.