MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)--SentinelOne, the company that’s redefining endpoint security, today announced the latest release of SentinelOne EDR (Endpoint Detection and Response), which expands its core execution inspection technology with cloud intelligence, application whitelisting, and real-time forensics. This broader security coverage enables SentinelOne EDR to provide a continuous cycle of protection against both known and zero-day attacks on Windows, Mac, and Android computing devices, including servers and embedded systems. These new capabilities build upon SentinelOne’s existing predictive execution inspection engine which dynamically tracks each newly-created process on a machine to block malware, exploits, and zero-day attacks.
The company also published today a new Advanced Threat Intelligence Report that details its five security predictions for 2015. The full report, which explains each of them in detail and the threats they pose to businesses, consumers and nations, is available here.
According to Gartner, Inc.: “The endpoint detection and response (EDR) market is an emerging market created to satisfy the need for continuous protection from advanced threats at endpoints (desktops, servers, tablets and laptops) — most notably significantly improved security monitoring, threat detection and incident response capabilities. These tools record numerous endpoint and network events and store this information in a centralized database. Analytics tools are then used to continually search the database to identify tasks that can improve the security state to deflect common attacks, to provide early identification of ongoing attacks (including insider threats), and to rapidly respond to those attacks. These tools also help with rapid investigation into the scope of attacks, and provide remediation capability.” 1
Cloud Intelligence
To proactively block known threats, SentinelOne EDR now provides continuous “passive scanning” which combines cloud intelligence and processing. Since its agent monitors every file and process on the endpoint, SentinelOne EDR automatically sends information to the cloud where it is scanned in real time by over 40 engines that incorporate intelligence from leading reputation services. When a threat is detected it is immediately blocked on the endpoint before it can cause any damage. From a performance and administration standpoint, SentinelOne’s passive scanning has zero impact on endpoints and does not require on-device updates.
Integrated Whitelisting
SentinelOne EDR now provides the ability to specify which applications are considered safe to run with automatic blacklisting of malicious applications that are detected by its predictive execution inspection engine. The blacklist capability prevents a malicious application from spreading to other endpoints in the organization. For easy discovery and initial whitelist configuration, SentinelOne EDR provides real-time visibility into all applications running on an endpoint, and also protects against tainted whitelisted applications.
“Behavioral monitoring of threats on the endpoint is the only way to detect and protect against the advanced evasion techniques that now come standard with modern malware platforms, especially ransomware and financial Trojans,” said Tomer Weingarten, CEO of SentinelOne. “Building on our predictive execution inspection technology and visibility into all endpoint activity we’ve added new capabilities to provide a continuous cycle of detection, prevention and protection. In addition, our new cloud-based approach for addressing known threats provides superior detection without the performance impact of scans on the endpoint or update maintenance overhead.”
Real-Time Endpoint Forensics
For real-time 360 degree visibility into endpoint threats, SentinelOne EDR generates detailed forensic reports which provide a graphical view of an attack’s sequence and also line-by-line details including dwell time, files impacted, and network connections. Unlike security sandbox technologies, SentinelOne EDR provides dynamic investigative capabilities as a threat occurs. These forensic capabilities simplify the collection and analysis of security incident data to accelerate response efforts such as identifying any other compromised machines on the network.
“We’re already confident with SentinelOne’s true behavioral monitoring capabilities to stop advanced threats, which is why we’re thrilled about the latest release from SentinelOne,” said Jeff Laurinaitis, director of sales at managed cloud solutions provider RKON. “The addition of cloud intelligence and whitelisting helps us better protect our clients from both known threats and zero-day attacks. Our clients trust us to provide the most effective solutions to protect their assets which is why we’ve selected SentinelOne as a strategic security partner.”
Pricing and Availability
SentinelOne EDR is available immediately. Subscription pricing is based per endpoint/year.
About SentinelOne
SentinelOne is reinventing endpoint security to protect organizations against advanced threats and nation state malware. The company uses predictive execution inspection to detect and protect all devices against targeted, zero day threats in real time. SentinelOne was formed by an elite team of cyber security and defense experts from Intel, Symantec, McAfee, Checkpoint, IBM and the Israel Defense Forces. The company’s investors include Accel Partners, Data Collective, Granite Hill Capital Partners, Tiger Global Management and The Westly Group. To learn more visit sentinelone.com or follow us at @SentinelSec
1 Gartner, Inc., Gartner Identifies the Top 10 Technologies for Information Security in 2014, http://www.gartner.com/newsroom/id/2778417