Modern cybercriminals are continuously refining their tactics, techniques, and procedures to evade detection and defence. It is good business practice for your IT Security team to keep pace with these latest threats and to identify malicious activity already dwelling in your systems.
SentinelOne is a cloud-based antivirus that uses Artificial Intelligence to detect and anticipate malicious viruses, malware, and attack vectors. Its starter Core offering comes with:
As Endpoint Detection and Response (EDR) data produce millions or even billions of events a day, your IT Security team will need a way to look for behavioural and static indicators of compromise that might point to a zero-day attack. While robust EDR data supports investigations, it may be too noisy for useful alerting or for discovering unusual behaviours.
Having a STAR solution allows end-users to write custom detection rules that address new threats or targeted ones specific to your industry or organisation. It works by:
By incorporating custom detection logic and immediately pushing it out to the entire fleet or a subset of it, to either kill any matching process or alert on it for further investigation, STAR is a powerful policy enforcement tool that automatically mitigates threats and quarantines endpoints. An added benefit is that it puts a new layer between threats and EDR data, so alerts can be customised around a subset of interesting events instead of the entire dataset. That filtered data can then be easily consumed by a SIEM, bringing down the cost of using EDR data without letting anything slip by.
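The kill-or-alert rule evaluation and SIEM filtering described above, as an added illustrative example (not SentinelOne's code, and not STAR's actual query syntax); the event records, rule names, field names and regexes are constructed for illustration:

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample of EDR process events (hypothetical schema, not real telemetry).
EVENTS = [
    {"id": 1, "host": "ws-01", "process": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"id": 2, "host": "ws-02", "process": "excel.exe", "cmdline": "EXCEL.EXE /dde"},
    {"id": 3, "host": "ws-02", "process": "cmd.exe", "parent": "winword.exe",
     "cmdline": "cmd.exe /c dir"},
    {"id": 4, "host": "ws-03", "process": "powershell.exe",
     "cmdline": "powershell.exe -File backup.ps1"},
]


@dataclass
class Rule:
    name: str
    conditions: Dict[str, str]  # event field -> regex; every condition must match
    action: str                 # "alert" (investigate) or "kill" (terminate process)

    def matches(self, event: dict) -> bool:
        # Missing fields are treated as empty strings, so a rule on "parent"
        # never matches an event that carries no parent information.
        return all(re.search(rx, str(event.get(field, "")), re.IGNORECASE)
                   for field, rx in self.conditions.items())


# Constructed rules: one behavioural, one static indicator.
RULES = [
    Rule("encoded-powershell",
         {"process": r"^powershell\.exe$", "cmdline": r"\s-(e|enc|encodedcommand)\s"},
         "kill"),
    Rule("office-spawns-shell",
         {"parent": r"^(winword|excel|outlook)\.exe$", "process": r"^(cmd|powershell)\.exe$"},
         "alert"),
]


def evaluate(events: List[dict], rules: List[Rule]) -> List[dict]:
    """Run every rule over every event and return the actions to take."""
    return [{"rule": r.name, "action": r.action, "event": ev["id"], "host": ev["host"]}
            for ev in events for r in rules if r.matches(ev)]


def siem_forward(events: List[dict], rules: List[Rule]) -> List[dict]:
    """Forward only rule hits to the SIEM: the filtering layer between EDR data and alerting."""
    hit_ids = {hit["event"] for hit in evaluate(events, rules)}
    return [ev for ev in events if ev["id"] in hit_ids]
```

Of the four constructed events only two reach the SIEM, which is the volume reduction the text refers to; the benign `-File` PowerShell run and the plain Excel launch are dropped.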
Moving from the Core to the Control offering gives your business the extra features of a Network Scanner, a Firewall, Device Control to manage USB and Bluetooth access to a machine, and Rogue Device discovery to locate unprotected workstations within your network.
This can be expanded to the top tier, Complete, which adds EDR features on top of antivirus protection with ActiveEDR®, File Integrity Monitoring, and STAR custom detection rules. This gives any business a flexible pathway: start with a level of protection that suits current needs, then raise the security posture by upgrading to a higher tier without the complication of sourcing different software or reinstalling agents.
SentinelOne has come out as the first EDR vendor to deliver 100% visibility of an attack in the 2020 MITRE Engenuity ATT&CK Evaluation. You can stay ahead of potential adversaries by customising and automating detection rules that fit your business environment with STAR. This can free up resources so your IT Security team can proactively monitor and respond to incoming threat intelligence by turning queries into automated hunting rules. STAR is easy to use, powerful, and flexible thanks to its intuitive query language with regular expression support for complex queries.
We partner with SentinelOne to bring this solution to your teams so they can react faster and more effectively. Whether it is mitigating new and emerging threats with custom detection rules, augmenting your SIEM with low-volume, high-value telemetry, triggering automated workflows, or running threat hunting queries, we have you covered. If you would like to learn more, contact us today at 1300 HUON IT.