Day 2 of Black Hat USA 2023 | Exploring The Power of a Threat Intel & AI-Driven Future

What a few days it was at this year’s BlackHat cyber event in sunny Las Vegas! The stunning SentinelOne booth welcomed thousands of visitors who came to learn about PurpleAI, our newly launched Ranger Insights console, and all the ways the Singularity™ platform helps organizations protect their endpoints, secure their cloud, and unify their data.

Day 2 of Black Hat USA 2023 Exploring The Power of a Threat Intel & AI-Driven Future

We’ve connected with so many of our customers, prospects, partners, as well as our executive and R&D teams over the last few days. For those who couldn’t join us live at the event this time around, our blog today will cover everything that happened on Day 2 of Black Hat USA 2023.

PurpleAI | AI-Driven Threat Hunting, Analysis & Response for the Modern Enterprise

On Thursday, the SentinelOne Theatre beckoned visitors for another full day of presentations and live product demonstrations. In particular, folks were drawn to our demos of PurpleAI, SentinelOne’s recently launched generative AI platform, dedicated to threat-hunting, analysis and response. PurpleAI, not surprisingly, piqued the interest of many in line with this years’ event theme surrounding Generative AI and its growing presence within the cybersecurity community.

In the packed theater, Joseph Poyner, Director of Go-To-Market Sales Engineering at SentinelOne showcased how PurpleAI accelerates the offensive strategies and response levels of your Security Operations Center (SOC). Before presenting the PurpleAI demo, Poyner explained some of the industry problems that we set out to solve when we created PurpleAI from the ground up.

Before PurpleAI came to life, we considered some of the hard facts about the current climate. It’s been reported that our industry is millions of analysts short in dealing with the current cybersecurity workload. For the workforce we do have, they’re fighting against both new and sophisticated cyberattack TTPs, which are fueling the rise in ransomware, software supply chain attacks, and more. As single-layer, reactive security solutions are no longer enough to keep up with increasingly skilled cybercriminals, enterprises now have to stack multi-layered, proactive solutions together to build a robust defense posture.

In analyzing SentinelOne customer data and telemetry, we also found that many of the customer queries in our platform are surprisingly simple. Why aren’t people writing complicated queries, we asked? Why aren’t they pulling insights from this large pool of data? The reason, we found, is that most analysts are new to their role and still honing their skill set. Given the reality of these observations, we set about building PurpleAI, which Poyner then demoed through a Capture the Flag (CTF)-like game.

“Rather than an hour-long investigation, we’re going to cut that down to five to 10 minutes,” he explained during the CTF demo. “The other thing is [PurpleAI] never sleeps. This is going to programmatically go through your queries.”

Poyner also highlighted how PurpleAI and your queries can integrate with other popular SaaS tools like Okta.

“You don’t even have to be an analyst. You just have to understand what type of data you want. You can just ask PurpleAI those queries and supercharge your SOC.”

Test drive PurpleAI for yourself with this interactive demo. Interested in learning more? Connect with a SentinelOne expert to find out how PurpleAI can benefit your organization.

Presentation Highlight | Mandiant On Combining Cyber Threat Intel

For a second day, we also welcomed partners and fellow security leaders in our industry to give in-booth presentations. In one notable instance, Mandiant’s esteemed Head of Managed Defense Consulting, Alan White, shared his thoughts in a series of slides on why SentinelOne and Mandiant are truly better together for customers.

“We’re talking about taking really great powerful technology that SentinelOne has with a really powerful Mandiant service. Combined with that threat intelligence, it’s unstoppable,” White told us after his presentation.

Consider this: Without this SentinelOne-Mandiant advantage, organizations would face the expensive and difficult challenge of staffing a team of 24/7 security analysts to achieve the same level of protection. By leveraging SentinelOne XDR technology with Mandiant’s leading MDR service, intelligence, and expertise, customers receive around-the-clock support, proactive threat hunting, and the unification of security across their existing tools.

“You’re going to find evil quickly, you’re going to detect it quickly, and you’re going to leverage the technology to reduce the threat as fast as possible,” White told us. “At the end of the day, I can’t think of a better way to tell a client, ‘If you can’t manage your own environment 24/7, then the partnership that we bring together is the way to go.”

Learn more about how SentinelOne and Mandiant can benefit your organization here. We’re also excited to join Mandiant at its mWISE conference in Washington D.C. next month.

Noetic Cyber | Automating Asset Management With Endpoint Context

SentinelOne partner and S Ventures portfolio company, Noetic Cyber, announced on Day 2 of Black Hat the next phase of its integration with us. In their latest blog post, Noetic Cyber outlines its plans to extend its market-leading cyber asset attack surface management (CAASM) platform to support new use cases.

The company focuses on providing a proactive approach to cyber asset and controls management to help security professionals better understand the cyber risks within their environments, map the relationships between all of their assets and entities, and tie together context and insights to enable faster, more accurate decisions.

“SentinelOne is excited to expand the use cases with Noetic Cyber and the value that will deliver to joint customers,”  SentinelOne’s SVP Corporate Development & S Ventures Rob Salvagno said in a statement. “Together, we deliver a comprehensive solution to help security teams better understand their endpoint, cloud, network, and vulnerability risk.”

The integration of SentinelOne Singularity™ XDR and the Noetic Continuous Cyber Asset and Controls platform allows security teams to extend the visibility, detection, and endpoint insights of SentinelOne into a wider asset inventory and management architecture. By ingesting high-fidelity endpoint telemetry and incident data from SentinelOne, the Noetic platform can correlate with insights from other security and IT management tools to provide full visibility into all assets within an environment and the cyber relationships between them. Customers can look forward to the following updates to the bi-directional Noetic-SentinelOne Singularity Connector.

Enriched Vulnerability Findings & Prioritization

Noetic has added support for SentinelOne’s new Application Risk capability which leverages the SentinelOne agent to scan the endpoint for third-party applications and list them in the inventory. The agent then maps the inventory with vulnerability data from NIST NVD regularly, associating it with relevant applications and endpoints.

Support for Network Discovery with Singularity Ranger

Noetic’s new integration with Singularity Ranger works by ingesting the results of Ranger scans into the Noetic platform, providing vital context into Ranger-discovered devices. Security teams can quickly see whether devices are on a restricted network range or have access to sensitive datasets or which services they support, for example. This considerably reduces the analyst workload by simplifying the review process.

Extended Support for Cloud & Container Use Cases

The latest version of the Noetic connector has also added support for Singularity Cloud Workload Protection. Data collected by SentinelOne is aggregated with information from AWS, Azure, and Google Cloud, giving security teams the ability to discover security coverage gaps across containers and Kubernetes clusters so that they can drive remediation processes.

Read our joint solution brief or eBook for more information and reach out today to learn how Noetic can support any tool in your stack, driving rapid time to value.

A Peek Into the S Ventures Happy Hour

It was our thorough pleasure to co-host an exclusive happy hour for our S Ventures portfolio companies, partners, and friends in close partnership with Okta Ventures, B Capital, and SYN Ventures! More than 130 attendees gathered at Citizen Kitchen & Bar in Mandalay Bay to enjoy hors d’oeuvres, cocktails, and great conversations about the future of cybersecurity.

“Events like this showcase S Ventures and our partner’s commitment to guiding and scaling the next generation of innovative security and data companies,” said Salvagno. “By fostering connections within and across our mutual networks, we empower these companies to grow and make more of an impact across the ecosystem.”

What Can We Say…We Like To Party!

If you were at our RSAC FOMO afterparty this year, then you know that we love to throw a good party. What we love even more though is enjoying a great party thrown by our friends! To round out a full days’ worth of learning and networking, the SentinelOne team was proud to sponsor both GuidePoint Security and Optiv’s Black Hat afterparties this year.

On Tuesday, GuidePoint hosted the event of the night in the Skyfall Lounge at Mandalay Bay, taking advantage of its surreal, panoramic views of the Las Vegas Strip. Just imagine looking down at the lights and buzz of Vegas from the 64th floor of Delano. We had a great time, GuidePoint.

Thursday was the quintessential Black Hat afterparty that you’d expect when in Vegas. What we’ll say is that Optiv threw a banger of an event at DAYLIGHT beach club at Mandalay Bay complete with bubble sphere dancers in the pool, live music, and acrobatic routines performed above the party goers. What a way to close out Black Hat USA 2023. Thanks, Optiv!


The team at SentinelOne is so grateful for another amazing year at Black Hat USA. We’d like to thank all of the people who took time to visit our iconic Tree of Life booth and theater space and chatted with us about new ways to iterate collaboratively towards the next level of cybersecurity.

These events always renew our passion for keeping those we protect safe from advancing threats and show just how many dedicated people are out there making this happen daily. We already can’t wait for next year’s event but until then, let’s keep the energy up, the conversations flowing, and our channels of communication open for exciting ideas yet to be explored.