SentinelOne Integrates MITRE ATT&CK Knowledge Base with Next-Gen Endpoint Solution

Integration Provides Responders with Immediate Context of Attack Techniques

Mountain View, Calif. – November 13, 2018 – SentinelOne, the autonomous endpoint protection company, today announced the integration of the MITRE ATT&CK™ framework, a globally accessible knowledge base of adversary tactics and techniques, within its next-gen protection platform. SentinelOne autonomously maps attacks in real time to the MITRE ATT&CK framework, giving users immediate in-product indicators and attack technique context. The framework enhances SentinelOne’s Active EDR capabilities, surfacing relevant indicators for SOC teams and then providing in-product automated responses.

The ATT&CK framework was developed by The MITRE Corporation, a systems engineering company working across government, industry, and academia to tackle difficult challenges such as cybersecurity. The ATT&CK knowledge base, which is built from open-source threat intelligence on real-world intrusions, breaks the full cyber-attack lifecycle into granular detail, presenting tactic categories with hundreds of corresponding techniques as sub-categories.

“In today’s ever-evolving threat landscape, understanding the nature of an attack can be an arduous process for security teams,” said Jared Phipps, Vice President Worldwide Sales Engineering, SentinelOne. “Through integrating the MITRE ATT&CK framework into SentinelOne workflows, we are providing immediate and enriched threat context without requiring additional investigation. In turn, this clarifies the optimal response action and saves a significant amount of time and effort for teams who in many cases are already overworked and understaffed.”

The MITRE ATT&CK framework identifies attack techniques, enabling SentinelOne to reference the exact technique as classified by MITRE, together with its corresponding technique identifier. MITRE ATT&CK indicators are applied automatically within the SentinelOne console, allowing responders to quickly identify how an attack is being conducted without spending research time determining which techniques, such as process hollowing or code injection, are leveraged during the attack. Surfacing this data and visibility in a highly contextualized, real-time fashion strengthens the value of SentinelOne’s EDR capabilities.

“MITRE ATT&CK is embraced by both the public and private sectors because they see the value in ATT&CK as a way of stating what tools can do. These companies are asking vendors to map capabilities to ATT&CK, and similarly, vendors are using ATT&CK to map products to a common language and communicate their capabilities,” said Frank Duff, principal cybersecurity engineer, MITRE.

To learn more about embedded MITRE ATT&CK indicators within the SentinelOne platform, visit our MITRE Feature Spotlight.

About SentinelOne

SentinelOne delivers autonomous endpoint protection through a single agent that prevents, detects and responds to attacks across all major vectors. Designed for extreme ease of use, the S1 platform saves customers time by applying AI to automatically eliminate threats in real time for both on-premises and cloud environments, and is the only solution to provide full visibility across networks directly from the endpoint. To learn more, visit or follow us at @SentinelOne, on LinkedIn or Facebook.

Jake Schuster
fama PR for SentinelOne
[email protected]