Endpoint Security Series: SentinelOne

We’re nearing the end of our Endpoint Security Series, but that doesn’t mean the solutions are less deserving of discussion! This week we'll be diving into another endpoint security solution: SentinelOne.

SentinelOne was established in 2013 and has since received multiple rounds of financing. The current valuation of this private company is over one billion dollars, making it a “unicorn” in the finance world. When SentinelOne started, there were only a few EDR platforms available and many of them required engineers with a great deal of expertise to manage, so their goal was to build a better EPP/EDR platform that didn’t require an advanced skillset. The result was their Singularity platform, an autonomous solution that seamlessly integrates data, access control, EDR, EPP, and IoT security.

SentinelOne has been pegged by Gartner as one of the most visionary endpoint companies of the past few years. Of all the products we cover in this series, they have the most consistent features across all primary operating systems: Windows (Client and Server), Linux, and OSX. 

The key differentiators for SentinelOne are feature consistency across platforms, their Storyline technology, and their ActiveEDR feature. Storyline provides a comprehensive story of each threat and allows security teams to reach root cause faster than with other solutions. Storylines are also used for threat hunting, enabling in-house security teams to proactively detect advanced threats; context-aware menus make creating custom threat hunting searches simpler. The third major differentiator is ActiveEDR, one of the more mature automated EDR solutions available today. When used in conjunction with Storyline, it can create watchlists to monitor for specific situations and automatically run through remediation steps. Additionally, ActiveEDR provides one-click remediation, which can even be run on benign findings beyond security breaches to optimize an organization's security posture.

Just like most of their competitors, SentinelOne has a lightweight agent and utilizes machine learning and AI to detect and respond to malware and lateral movement in your network. The Singularity product suite is broken up into a few modules:

Singularity Core is their Next Gen Antivirus product that utilizes agent-based AI and behavioral analysis to stop malware and malicious files as well as fileless attacks. Singularity Core makes the remediation process very simple: in many cases only one click is required to resolve an issue. One unique feature that is also available is the ability to roll back unauthorized changes and restore endpoint data to its pre-attack form in only one click.

Singularity Control includes DLP features like USB and device control. It can manage the OS firewall and control Bluetooth devices. Control also has Rogue device discovery, which scans the attached networks for endpoints not protected by SentinelOne.

Singularity Ranger IoT and Singularity Cloud are two more modules of the Singularity suite which are not explicitly endpoint protection, but still help your overall security posture. Singularity Ranger IoT turns a few agents per subnet into “Rangers” which passively listen to the network and can actively scan based on user-defined policies. They can also help identify your IoT devices and figure out what other devices they are communicating with on your network. Once identified, this solution can isolate unknown devices from interacting with SentinelOne-protected devices. Additionally, Singularity Cloud can be used to extend the Singularity EPP/EDR protection to your cloud containers.

Singularity Complete is a bundle of the SentinelOne product suite and includes access to the SentinelOne Vigilance MDR SOC team. Vigilance will review every threat and make sure it has been resolved and documented. They will escalate to your security team only when needed.

SentinelOne’s Singularity platform is one of the most comprehensive solutions on the market today. If you’re serious about your network and endpoint security, SentinelOne deserves a spot on your list of contenders.

Next week we’ll be shifting gears from the newer players to explore one last solution: Fortinet’s FortiEDR. While the Fortinet name is already well known in security, the FortiEDR solution can provide additional value to your organization that you may not know about. Be sure to check back next week to learn more.

About the Author: These posts are written by Jeff Schaefer, a Security Engineer at Vandis with extensive experience in endpoint security. Jeff has been in the IT industry for almost 20 years, familiarizing himself with all areas of infrastructure before focusing on security solutions. Recently, Jeff has spent a great deal of time talking with technology manufacturers and doing independent research to give effective guidance to organizations around endpoint security strategies and initiatives.