SentinelOne Announces New Deep Visibility Module for Breakthrough IOC Search and Threat Hunting on the Endpoint
New Capabilities Enable Untethered View into All Endpoint Activities and Network Traffic – Encrypted and Clear Text
Mountain View, Calif. – Sept. 7, 2017 – SentinelOne, a pioneer in delivering autonomous AI-powered security for the endpoint, datacenter and cloud, today launched its new Deep Visibility module for the SentinelOne Endpoint Protection Platform (EPP), making it the first endpoint protection solution to provide unparalleled search capabilities for all indicators of compromise (IOCs) regardless of encryption and without the need for additional agents.
“We are bringing visibility into every edge of the network – from the endpoint to the cloud,” said Tomer Weingarten, CEO of SentinelOne. “Deep Visibility enables search capabilities and visibility into all traffic, since we see it at the source and monitor it from the core. We know that more than half of all traffic is encrypted – including malicious traffic – which makes a direct line of sight into all traffic an imperative ingredient in enterprise defense.”
Deep Visibility extends the company’s current endpoint suite abilities to provide full visibility into endpoint data, leveraging its patented kernel-based monitoring, for complete, autonomous, and in-depth search capabilities across all endpoints – even those that go offline – for all IOCs in both real-time and historic retrospective search. SentinelOne EPP with Deep Visibility enables customers to fully automate their detection-to-response workflow while also gaining unprecedented insight into their environment.
Deep Visibility also empowers customers to gain insights into file integrity and data integrity by monitoring file characteristics and recording data exports to external storage.
Deep Visibility monitors traffic at the end of the tunnel, which allows an unprecedented tap into all traffic without the need to decrypt or interfere with the data transport. This in turn provides a rich environment for threat hunting that includes powerful filters, the ability to take containment actions, and fully automated detection and response.
Since Deep Visibility does not require an additional agent, and is a holistic part of the SentinelOne EPP platform, it is fully integrated into the investigation, mitigation and response capability sets, including process forensics, file and machine quarantine, and fully automated, dynamic remediation and rollback capabilities.
Additionally, Deep Visibility does not require any changes to network topology and does not require any certificates for installation. Visibility into encrypted traffic further enriches forensics insights and empowers security analysts with more holistic investigation capabilities without impacting the end-user experience.
“Deep Visibility is a breakthrough that will re-define how we think about perimeters,” said Weingarten. “Gaining visibility into the data pathways marks the first milestone for a real, software-defined edge network that can span through physical perimeters, to hybrid datacenters and cloud services. This is the beginning of the network of the future.”
In addition to Deep Visibility, SentinelOne EPP will also offer several new capabilities that further enrich visibility into customer environments and threats. Key capabilities include:
- Support for new platforms Amazon Linux AMI and Oracle Linux to expand visibility into critical server environments
- Full disk scan support to discover latent threats
- Richer forensics insights to help identify the source of threats and build attack storylines
Current SentinelOne customers can upgrade to a new agent with access to Deep Visibility by working with their customer success managers. Prospective customers can learn more about SentinelOne EPP and the new Deep Visibility capabilities here.
SentinelOne is a pioneer in delivering autonomous security for the endpoint, datacenter and cloud environments to help organizations secure their assets with speed and simplicity. SentinelOne unifies prevention, detection, response, remediation and forensics in a single platform powered by artificial intelligence. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully automated integrated response, and adapt their defenses against the most advanced cyberattacks. SentinelOne was formed by an elite team of cyber security and defense experts with offices in Palo Alto, Tel Aviv, and Tokyo. The company is recognized by Gartner as a Visionary for Endpoint Protection and has enterprise customers in North America, Europe, and Japan. To learn more visit sentinelone.com.
Highwire PR for SentinelOne
Ph: 1.415.963.4175 ext 26