SentinelOne extends its endpoint protection platform, adds remediation

CISOs have known for years that stopping the barbarians at the gate — the endpoint — isn’t enough to defeat the determined and imaginative attackers of today.

That doesn’t mean that endpoint defenses have been ignored. In 2013 a California company called SentinelOne Inc. released SentinelOne EDR (endpoint detection and response), an agent-based solution which works with existing enterprise anti-virus platforms and includes behavior-based malware detection and mitigation for all devices including tablets and smart phones.

Today the company announced its next version, called EPP, which it says can replace AV solutions by adding remediation to its capabilities.

“It adds a whole new preventive layer that deflects malware before it even runs,” CEO Tomer Weingarten said in an interview.

[Figure: SentinelOne EPP screenshot]

“We’ve also added what we call dynamic remediation, which is even if something has executed, you can go back (to the system) and revert everything that happened,” he said.

It will help security pros determine when an endpoint was infected, what machines it talked to, the databases that were accessed, “so you can piece together a good picture of what might have happened.”

“We can completely replace (existing) anti-virus both for compliance and in terms of efficacy,” he said.

He noted that in its most recent report AV-Test said SentinelOne EPP was one of 11 solutions for Windows 8.1 that passed its corporate endpoint protection test.

London, Ont.-based Gartner analyst Peter Firstbrook said in an interview that the AV-Test results indicated that — like a number of others tested — SentinelOne EPP couldn’t stop everything that was thrown at it. “It doesn’t change the state of the art,” he said.

What appealed to him was the ability to record any changes made to endpoints, so that if suspicious behavior is detected infosec pros can pore through the data to find when and where the system was altered, which helps identify suspect applications.

But he admitted that means SentinelOne EPP can’t merely be set on automatic: “You’re going to need someone in IT who has knowledge of how packed applications are put together and how to understand one that’s bad.”
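The change record Firstbrook praises and the roll-back Weingarten calls dynamic remediation rest on the same idea: journal every write a process makes to the host, together with the prior value, so an analyst can ask when and by whom an object was altered and can undo one process's work after the fact. The Python sketch below is an added illustration of that idea, not SentinelOne's code or anything the company has published; the host state, process names, paths and timestamps are all constructed for the example, and it covers file and registry-style changes only, not the network-conversation mapping the article also mentions.

```python
"""Toy endpoint change journal: point-in-time lookup plus per-process rollback.

Added illustration, not SentinelOne code. Every value below (host contents,
process names, pids, timestamps) is constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ChangeEvent:
    ts: int                 # constructed timestamp (seconds) of the change
    pid: int                # process id of the writer
    process: str            # image name of the writer
    path: str               # file path or registry-style key that changed
    before: Optional[str]   # content before the write; None = did not exist
    after: Optional[str]    # content after the write; None = deleted


class ChangeJournal:
    """Records every write to a host's state so it can be queried and undone."""

    def __init__(self) -> None:
        self.events: List[ChangeEvent] = []

    def record(self, ts: int, pid: int, process: str, path: str,
               state: Dict[str, str], new: Optional[str]) -> None:
        """Apply a write to `state` and journal it together with the prior value."""
        self.events.append(ChangeEvent(ts, pid, process, path, state.get(path), new))
        if new is None:
            state.pop(path, None)
        else:
            state[path] = new

    def history(self, path: str) -> List[ChangeEvent]:
        """Every change to one object, oldest first: the 'when and where'."""
        return [e for e in self.events if e.path == path]

    def touched_by(self, pid: int) -> List[str]:
        """Objects a process modified, for scoping an investigation."""
        return sorted({e.path for e in self.events if e.pid == pid})

    def revert_process(self, pid: int, state: Dict[str, str]) -> Tuple[List[str], List[str]]:
        """Undo a process's writes newest-first and return (restored, conflicts).

        A path that some other process has written since is reported as a
        conflict and left alone: blindly restoring the old value there would
        destroy legitimate later work, so it needs a human decision.
        """
        restored: List[str] = []
        conflicts: List[str] = []
        for e in reversed([e for e in self.events if e.pid == pid]):
            if state.get(e.path) != e.after:
                if e.path not in conflicts:
                    conflicts.append(e.path)
                continue
            if e.before is None:
                state.pop(e.path, None)
            else:
                state[e.path] = e.before
            restored.append(e.path)
        return restored, conflicts


def first_alteration(journal: ChangeJournal, path: str) -> Optional[Tuple[int, str]]:
    """When, and by which process, an object was first changed; None if never."""
    h = journal.history(path)
    return (h[0].ts, h[0].process) if h else None


def build_scenario() -> Tuple[ChangeJournal, Dict[str, str]]:
    """Constructed timeline: pid 4242 hijacks a Run key, drops a file and
    overwrites a document; a legitimate process writes something unrelated later."""
    host: Dict[str, str] = {
        "C:/Users/alice/report.docx": "quarterly numbers",
        "HKCU/Run/Updater": "C:/Program Files/Updater/upd.exe",
    }
    j = ChangeJournal()
    j.record(100, 4242, "dropper.exe", "HKCU/Run/Updater", host, "C:/Users/alice/AppData/svc.exe")
    j.record(101, 4242, "dropper.exe", "C:/Users/alice/AppData/svc.exe", host, "<payload bytes>")
    j.record(102, 4242, "dropper.exe", "C:/Users/alice/report.docx", host, "ENCRYPTED:9f3a")
    j.record(200, 913, "winword.exe", "C:/Users/alice/notes.txt", host, "meeting notes")
    return j, host


if __name__ == "__main__":
    journal, host = build_scenario()
    print("first change to Run key:", first_alteration(journal, "HKCU/Run/Updater"))
    print("objects touched by pid 4242:", journal.touched_by(4242))
    print("rollback:", journal.revert_process(4242, host))
    print("host after rollback:", host)
```

The conflict check is the caveat behind Firstbrook's remark that such a product cannot simply be left on automatic: once a legitimate process has written the same object after the suspect one, the journal no longer knows which value the user wants, so the example reports the path rather than restoring it.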

Weingarten said EPP uses the same engine as the EDR platform, but with an enhanced agent. It can “basically inspect and predict execution on an endpoint, seeing everything that’s running on that endpoint and everything every process and application is doing. By inspecting behaviors, understanding what is malicious, what is benign. Because we’re on the endpoint we also have the ability to mitigate the attack once we detect something has gone wrong, and then eventually remediate it, and later on give full detailed forensic reports in real time.”

EPP is linked to SentinelOne’s cloud intelligence platform, so it doesn’t use signatures. Nor do endpoints need to be scanned. The agent has a “very, very low” impact on performance, Weingarten said, taking up about 200 MB.

He wouldn’t detail EPP pricing, other than to say it is based on the number of endpoints protected. “We will in most cases try to match the price you’re paying today (for AV) and give you all of the added capabilities.”

Until the end of the year a subscription includes real-time forensics, white listing, anti-exploitation, dynamic malware protection, automatic remediation and endpoint search. Next year new capabilities — such as URL filtering — will cost extra.

SentinelOne products are largely sold direct to enterprise-sized companies, although it is in the process of building out a channel program. Weingarten said next year it will add a Web portal for medium-sized companies to buy subscriptions online.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com