Modern cybercriminals are continuously upping their techniques, tactics, and procedures to evade detection or defence. It makes good business practice that your IT Security teams should be on par with their response to these latest threats and identify ongoing malice dwelling in your systems.
REDEFINING CYBERSECURITY BY PUSHING THE BOUNDARIES OF AUTONOMOUS TECHNOLOGY
SentinelOne is a cloud-based antivirus that uses Artificial Intelligence to detect and anticipate malicious virus or malware and attack vectors. Its starter Core offering comes with:
- Protection against ransomware, known and unknown malware, Trojans, hacking tools, memory exploits, script misuse, bad macros, and living off the land attacks; and
- A sophisticated tool called StoryLine Active Response™ (STAR) that tracks the history of any attack and allows your business to roll back any damage that may have occurred in an event such as a cryptoblocker
As Endpoint Detection and Response (EDR) data produce millions or even billions of events a day, your IT Security team will need a way to look for behavioural and static indicators of compromise that might indicate a zero-day attack. While robust EDR data supports investigations, they may be too noisy for useful alerting or discovering unusual behaviours.
HOW DOES SENTINELONE HELP ME RESPOND QUICKLY TO THREATS?
Having a STAR solution allows end-users to write custom detection rules that address new threats or targeted ones specific to your industry or organisation. It works by:
- Using on-agent behavioural Artificial Intelligence to identify and stop fileless attacks happening within real-time
- Automating threat resolution to reduce administrative workload with no complicated scripting
- Providing a 1-click remediation to reverse unauthorised and rollback for Windows to restore any data affected by an attack
- Delivering easy-to-use incident data to quickly orient analysts on the incident with all information being stored for 365 days
By incorporating custom detection logic and immediately pushing it out to the entire fleet or subset - to either kill any matching process or alert on it for further investigation, STAR is a powerful policy enforcement tool that automatically mitigates threats and quarantine endpoints. An added benefit is its ability to put a new layer between threats and EDR data, so the alerts could be customised based on a subset of interesting events instead of the entire dataset. The data could be easily consumed into a SIEM, thus bringing down the cost of using EDR data without letting anything slip by.
Moving from the Core to the Control offering gives your business the extra features of a Network Scanner and Firewall Device control to manage USB and Bluetooth access to a machine, and Rogue Device discovery to locate unprotected workstations within your network.
This could be expanded to the ultimate tier - Complete - which gives EDR features on top of antivirus protection with their ActiveEDR®, File Integrity Monitoring, and STAR custom detection rules. This delivers a flexible pathway for any business to start off with incorporating a level of protection that suits their current needs and increase their security posture and protection by upgrading to a higher tier without the complication of finding different software or reinstallation agents.
SentinelOne has come out as the first EDR vendor to deliver 100% visibility of an attack as the 2020 MITRE Engenuity ATT&CK Evaluation. You can stay ahead of potential adversaries by customising and automating detection rules that fit your business environment with STAR. This can free up resources to support your Security IT team to proactively monitor and respond to incoming threat intelligence by turning queries into automated hunting rules. STAR is easy to use, powerful, and flexible due to its intuitive query language with regular expression support for complex queries.
HOW CAN WE HELP?
We partner SentinelOne in bringing this solution to help your teams react faster and more effectively. Whether it is mitigating new and emerging threats with custom detection rules, augment SIEM with low volume, high-value telemetry, trigger automated workflows, and threat hunting queries, we got you covered. If you would like to learn more, contact us today at 1300 HUON IT.
For more information on endpoint solutions, click here.