It started out with first-generation, legacy AV solutions. These were people-powered (and therefore inefficient and not scalable, since IT teams had to patch vulnerabilities manually, etc.). They were designed for a different working environment, one far less complex and advanced than today's.
We then moved on to second-generation AV and EDR, with cloud-based monitoring. This newer form of defense gave you more information about attacks, much more quickly. However, the reliance on 'reactive response' meant that it could still take several hours to a day to write the signatures needed to stop the identified attack on all the other machines across the world - still too long and complex a process, and still not quick enough.
What makes SentinelOne Different?
Define what SentinelOne is: SentinelOne | Autonomous AI Endpoint Security Platform | s1.ai
SentinelOne is a third-generation EDR/XDR solution that doesn't rely on the cloud. The key difference is that SentinelOne is completely automated and can identify and remediate threats within seconds. SentinelOne can sit looking after your machines all day, every day: it looks at the behaviour on the endpoint, identifies malicious behaviour and remediates on the endpoint within seconds.
It is a technology that scales to people: the automation shrinks mean time to respond and recover. The automated AI capabilities mean that SentinelOne becomes an effective front-line defense.
Key Features:
100% Ransomware Prevention Record
SentinelOne has a 100% record when it comes to stopping ransomware in its tracks. S1 has never let ransomware through - there’s no way ransomware can get past it. With SentinelOne in place, cyber disasters like WannaCry would never have happened.
Storyline Feature
The Storyline feature contextualizes everything that's happening in real time and will trigger responses if needed. Everything in SentinelOne is designed to take away the time it takes the SOC team to respond, because it is doing it all for you.
You could see an attempted ransomware attack happening in real time - the files being targeted, where it's trying to go - and keep an eye on attempted lateral movement.
Observing every process on the machine all day = instantaneous protection
It could be managed easily by a very small tech team, and gives much more visibility.
It gives you a lot more information than other products: highly detailed information about everything that's going on.
Remediation and Instant Roll Back:
The instant rollback and recovery feature (1-click recovery) can save security teams a lot of time. If, for instance, you ran SentinelOne alongside your current EDR solution in detect-only mode, you could see in real time if anything got through and act on it immediately.
Ranger and Network Visibility
Ranger looks at every IoT device on the network and can tell you if it's secure. It tells you everything that's on the network (even unexpected household items) and any other unprotected machines - the whole potential attack surface.
S1 will run on pretty much anything, however old the machine is. Ranger would pick up any unprotected machines, which would reduce the risk of ransomware significantly, even with old machines (like the ones used in the NHS, for example).
XDR (extended detection and response) means that SentinelOne can extend its responses to other vendor platforms.
It has open APIs, so SentinelOne can be used easily alongside other solutions and integrates well with other technologies.
Long data retention - you can look back at data from a year ago, etc., to see what happened, how things have progressed, make comparisons, etc.