
Announcing SentinelOne Nexus Embedded AI SDK!

By Aviram Shmueli

We are happy to announce the general availability (GA) release of the Nexus Embedded AI SDK. Nexus SDK is an embeddable AI-based technology that uses SentinelOne’s predictive models to classify files as benign or malicious based on their static characteristics, without signatures or cloud lookups. It is extremely fast (classification completes within milliseconds) and simple to use. It can be embedded, for example, in network appliances, file servers, email gateways and cloud services. Nexus SDK also reports which characteristics of the analyzed file are indicative of maliciousness; for example, an executable may be classified as malicious because of its high entropy and unusual binary format.

There are plenty of use cases for which Nexus SDK could be valuable:

  • Email / Web / Next-Gen Firewall Gateways – Detect file-based attacks by performing static analysis at network ingress points
  • File servers / Shared Folders – Detect malicious files residing on file servers
  • USB Kiosks – Scan for threats at a USB kiosk when a USB device is plugged in
  • Sandboxing – Pre-scan files before sandboxing to prioritize them, and use the SDK indicators and verdict as an additional factor in the final decision
  • Cloud Services – Scan files backed up by enterprise file synchronization and sharing products, and embed scanning in cloud storage services

How does the Nexus Embedded AI SDK work?

SentinelOne implements an AI technology to detect threats in Portable Executables (PE), PDFs and Office documents. We extract thousands of characteristics from each of the millions of samples in our repository. Using a supervised learning approach, we produce a statistical model that encapsulates the correlation of the various features with malicious or benign files.

Figure 1: Generating the Statistical Model

For classification, the SDK extracts the same features from a given sample, and the model predicts from the calculated statistics whether the file is a threat or not.

Figure 2: Classification of a Given Sample Based on the Model

For each scanned file, the SDK classification determines the following:

  1. Verdict – Whether the analyzed file is Malware, Suspicious or Benign.
    1. Malware – Files that the AI engine considers very likely to be malware. We recommend that access to these files be blocked.
    2. Suspicious – Files that are suspected of being malware. These are lower-confidence detections, and the files should be reviewed.
    3. Benign – Files that the AI engine classifies as benign.
  2. Score – The maliciousness score given to the analyzed file.
  3. Indicators – The characteristics of the scanned file that contributed to the AI verdict. Among these indicators are:
    1. High file entropy
    2. Presence of specific packers
    3. File overlay
    4. Improper file format
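To make the indicator list above concrete, here is an added example (not the Nexus SDK's code, and the SDK's statistical model is not reproduced) that computes the same four static indicators for a PE file: Shannon entropy of the file, section names left behind by known packers, the size of any overlay appended after the last section, and basic header checks for improper format. The packer name list and the entropy threshold of 7.0 bits/byte are assumptions chosen for illustration; the header offsets follow the PE/COFF layout. The sample PE images are constructed inline so the example runs offline.

```python
"""Static PE indicators: entropy, packer section names, overlay, improper format.

Added example; not the Nexus SDK's implementation. Header offsets follow the
PE/COFF specification; the packer name list and threshold are assumptions.
"""
import math
import struct
from collections import Counter

# Section names typically left by common packers (assumption: illustrative list).
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata",
                        b".petite", b".MPRESS1", b".MPRESS2", b".vmp0", b".vmp1"}
HIGH_ENTROPY_THRESHOLD = 7.0  # bits per byte; assumption, not the SDK's value


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty/constant data, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_indicators(data: bytes) -> dict:
    """Return the four indicators for a PE image; stops parsing on malformed headers."""
    entropy = shannon_entropy(data)
    ind = {"entropy": round(entropy, 2),
           "high_entropy": entropy >= HIGH_ENTROPY_THRESHOLD,
           "packer_sections": [], "overlay_bytes": 0, "improper_format": False}
    # DOS header: 'MZ' magic, e_lfanew (offset of the PE signature) at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        ind["improper_format"] = True
        return ind
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        ind["improper_format"] = True
        return ind
    # COFF header after the signature: NumberOfSections at +6, SizeOfOptionalHeader at +20.
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    sec_table = e_lfanew + 24 + size_opt
    end_of_sections = 0
    for i in range(num_sections):
        off = sec_table + 40 * i  # each section header is 40 bytes
        if off + 40 > len(data):
            ind["improper_format"] = True  # section table runs past end of file
            return ind
        name = data[off:off + 8].rstrip(b"\0")
        size_raw, ptr_raw = struct.unpack_from("<II", data, off + 16)  # SizeOfRawData, PointerToRawData
        if name in PACKER_SECTION_NAMES:
            ind["packer_sections"].append(name.decode("ascii", "replace"))
        if ptr_raw + size_raw > len(data):
            ind["improper_format"] = True  # section raw data points past end of file
        end_of_sections = max(end_of_sections, ptr_raw + size_raw)
    # Anything after the last section's raw data is overlay (e.g. an appended payload).
    ind["overlay_bytes"] = max(0, len(data) - end_of_sections)
    return ind


def build_sample_pe(section_name: bytes, section_data: bytes, overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 image with one section and no optional header (sample input only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_opt, 0x102)
    raw_off = e_lfanew + 24 + size_opt + 40  # header bytes precede the section data
    section = section_name.ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(section_data), 0x1000, len(section_data), raw_off, 0, 0, 0, 0, 0x60000020)
    return dos + coff + section + section_data + overlay


if __name__ == "__main__":
    benign = build_sample_pe(b".text", b"\x90" * 512 + b"constructed benign sample\0")
    packed = build_sample_pe(b"UPX1", bytes(range(256)) * 4, overlay=b"PAYLOAD" * 16)
    for label, sample in (("benign", benign), ("packed", packed), ("truncated", packed[:200])):
        print(label, extract_indicators(sample))
```

The "packed" sample shows all three maliciousness indicators at once (high entropy, a UPX section name and a 112-byte overlay), while the truncated copy trips the improper-format check because its section raw data points past the end of the file. A real classifier would feed features like these, with thousands of others, into the trained model rather than apply thresholds by hand.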

The SDK is a C library that also ships with a Python wrapper. It is now generally available.

