SentinelOne Broadens Endpoint Security Capabilities to Provide Continuous Cycle of Protection Against Advanced Malware
MOUNTAIN VIEW, Calif., Dec. 3, 2014 – SentinelOne, the company that’s redefining endpoint security, today announced the latest release of SentinelOne EDR (Endpoint Detection and Response), which expands its core execution inspection technology with cloud intelligence, application whitelisting, and real-time forensics. This broader security coverage enables SentinelOne EDR to provide a continuous cycle of protection against both known and zero-day attacks on Windows, Mac, and Android computing devices, including servers and embedded systems. These new capabilities build upon SentinelOne’s existing predictive execution inspection engine which dynamically tracks each newly-created process on a machine to block malware, exploits, and zero-day attacks.
The company also published today a new Advanced Threat Intelligence Report that details its five secu- rity predictions for 2015. The full report which explains each of them in detail and the threats they pose to businesses, consumers and nations is available here.
According to Gartner, Inc.: “The endpoint detection and response (EDR) market is an emerging market created to satisfy the need for continuous protection from advanced threats at endpoints (desktops, servers, tablets and laptops) — most notably significantly improved security monitoring, threat detection and incident response capabilities. These tools record numerous endpoint and network events and store this information in a centralized database. Analytics tools are then used to continually search the database to identify tasks that can improve the security state to deflect common attacks, to provide early identification of ongoing attacks (including insider threats), and to rapidly respond to those attacks These tools also help with rapid investiga- tion into the scope of attacks, and provide remediation capability.”
To proactively block known threats, SentinelOne EDR now provides continuous “passive scanning” which combines cloud intelligence and processing. Since its agent monitors every file and process on the endpoint, SentinelOne EDR automatically sends information to the cloud where it is scanned in real time by over 40 engines that incorporate intelligence from leading reputation services. When a threat is detected it is immediately blocked on the endpoint before it can cause any damage. From a performance and administration standpoint, SentinelOne’s passive scanning has zero impact on endpoints and does not require on-device updates.
SentinelOne EDR now provides the ability to specify which applications are considered safe to run with automatic blacklisting of malicious applications that are detected by its predictive execution inspection engine. The blacklist capability prevents a malicious application from spreading to other endpoints in the organization. For easy discovery and initial whitelist configuration, SentinelOne EDR provides real-time visibility into all applications running on an endpoint, and also protects against tainted whitelisted applications.
“Behavioral monitoring of threats on the endpoint is the only way to detect and protect against the advanced evasion techniques that now come standard with modern malware platforms, especially ransomware and financial Trojans,” said Tomer Weingarten, CEO of SentinelOne. “Building on our predictive execution inspection technology and visibility into all endpoint activity we’ve added new capabilities to provide a continuous cycle of detection, prevention and protection. In addition, our new cloud-based approach for addressing known threats provides superior detection without the performance impact of scans on the endpoint or update maintenance overhead.”
Real-Time Endpoint Forensics
For real-time 360 degree visibility into endpoint threats, SentinelOne EDR generates detailed forensic reports which provide a graphical view of an attack’s sequence and also line-by-line details including dwell time, files impacted, and network connections. Unlike security sandbox technologies, SentinelOne EDR provides dynamic investigative capabilities as a threat occurs. These forensic capabilities simplify the collection and analysis of security incident data to accelerate response efforts such as identifying any other compromised machines on the network.
“We’re already confident with SentinelOne’s true behavioral monitoring capabilities to stop advanced threats, which is why we’re thrilled about the latest release from SentinelOne,” said Jeff Laurinaitis, director of sales at managed cloud solutions provider RKON. “The addition of cloud intelligence and whitelisting helps us better protect our clients from both known threats and zero-day attacks. Our clients trust us to provide the most effective solutions to protect their assets which is why we’ve selected SentinelOne as a strategic security partner.”
Pricing and Availability
SentinelOne EDR is available immediately. Subscription pricing is based per endpoint/year.
SentinelOne is reinventing endpoint security to protect organizations against advanced threats and nation state malware. The company uses predictive execution inspection to detect and protect all devices against targeted, zero day threats in real time. SentinelOne was formed by an elite team of cyber security and defense experts from Intel, Symantec, McAfee, Checkpoint, IBM and the Israel Defense Forces.
The company’s investors include Accel Partners, Data Collective, Granite Hill Capital Partners, Tiger Global Management and The Westly Group. To learn more visit sentinelone.com or follow us at @SentinelSec