SentinelOne provides prevention and detection of attacks across all major vectors, rapid elimination of threats with fully automated, policy-driven response capabilities, and complete visibility into the endpoint environment with full-context, real-time forensics. The innovative security solutions offer broad protection against diverse modes of attack, including malware, exploits, and live/insider attacks.
- Delivers multi-layered AI-powered endpoint protection, with Static AI pre-execution protection for known and unknown file-based malware, and Behavioral AI agent-side behavioral monitoring that covers any attack vector, including unknown exploits and bypass attempts of traditional anti-virus.
- The Behavioral AI engine is built to detect and mitigate malicious code and scripts in documents and can detect fileless attacks and exploits. Lateral Movement uses Behavioral AI to discover attempts coming from another device over the network.
- Offeres attack remediation, cleaning all artifacts of a malicious attempt, including registry, scheduled tasks and more, while Rollback Revert returns an endpoint its pre-infected state. Upon detection, SentinelOne can immediately stop lateral threat spread cold by disconnecting the infected endpoint from the network while still maintaining the agent’s connection to the management console.
- Adds advanced capabilities such as threat hunting and Deep Visibility. It provides prevention and detection of attacks across all major vectors, rapid elimination of threats with fully automated, policy-driven response capabilities, and complete visibility into the endpoint environment with full-context, real-time forensics.
- Includes Advanced EDR/Threat Hunting, which provides the ability to search for attack indicators, investigate existing incidents, perform file integrity monitoring, and root out hidden threats. It includes an Attack Storyline, a visual diagram representing an execution flow, helping IR teams to quickly evaluate the impact of any threat.
- Advanced capabilities include Deep Visibility into every event on the agent, including the ability to search for historic data, and visibility into the encrypted network traffic without pushing certificates or the need for expensive SSL appliances/blades.
One Agent for Consolidated Cybersecurity
- Full featured enterprise-grade EDR.
- NGAV and behavioral detection to stop known and unknown threats.
- Suite features like network control, USB device control, and Bluetooth device control.
- Native network attack surface protection and rogue device identification with Ranger.
Storyline Automates Visibility
- Storyline creates context in real time: Windows, macOS, Linux, and Kubenetes cloud-native workloads.
- Storyline enables efficient hypothesis testing leading to fast RCA conclusions.
- Process re-linking across PID trees and across reboots preserves precious context.
- PowerQuery language enables intuitive searches and hypothesis-based hunting.
One-Click Remediation & Rollback
- Automated responses and prevention mechanisms, all in one code base.
- Threat resolution across your estate—on one, several, or all devices—no scripting necessary.
- Storyline Active Response™ (STAR) keeps a constant watch for noteworthy events.
- One API with 350+ functions lets you build further, customized automations.
- High performance, industry leading historical EDR data retention for up to 3 years of visibility.
- Easy pivoting and hunting with 100’s of available MITRE ATT&CK® tactics and techniques.
- Customizable network isolation.
- Secure remote shell for Windows, macOS, Linux,
- and Kubernetes.
- File fetch malicious samples across any OS, and integrate with sandboxes for further dynamic analysis.
SOC Augmentation with MDR
- Vigilance, our in-house global SOC, offloads day-to-day operation of Singularity Complete to an elite team of analysts and hunters so you can refocus on more strategic projects.
- Vigilance Respond ensures every threat is reviewed, acted upon, documented, and escalated to you only when needed.
- Vigilance Respond Pro adds digital forensics and incident response services (DFIR) for extended analysis
- and response.