Endpoint Protection

Cybersecurity

Edge to Edge Enterprise Security Platform.

One platform to prevent, detect, respond, and hunt in the context of all enterprise assets.
See what has never been seen before. Control the unknown. All at machine speed.
The SentinelOne Endpoint Protection Platform unifies prevention, detection, and response in a single purpose-built agent powered by machine learning and automation. It provides prevention and detection of attacks across all major vectors, rapid elimination of threats with fully automated, policy-driven response capabilities, and complete visibility into the endpoint environment with full-context, real-time forensics.
Your antivirus and firewalls are no longer enough. You need an Endpoint Detection and Response (EDR) program to actively defend your network.
Read a Case Study

Cybersecurity

Next Generation
Endpoint Protection (NGEP)

Your Next Generation Endpoint Protection (NGEP) solution needs to address four core pillars that, when taken together, can detect and prevent the most advanced attack methods at every stage of their lifecycle:
Read Our Endpoint Protection Guide

Advanced Malware Detection

Your NGEP must be able to detect and block unknown malware and targeted attacks – even those that do not exhibit any static indicators of compromise. This involves dynamic behavior analysis – the real-time monitoring and analysis of application and process behavior based on low-level instrumentation of OS activities and operations, including memory, disk, registry, network and more. Since many attacks hook into system processes and benign applications to mask their activity, the ability to inspect execution and assemble its true execution context is key. This is most effective when performed on the device regardless of whether it is on or offline (i.e. to protect even against USB stick attacks.)

Mitigation

Detecting threats is necessary, but with detection only, many attacks go unresolved for days, weeks, or months. Automated and timely mitigation must be an integral part of NGEP. Mitigation options should be policy-based and flexible enough to cover a wide range of use cases, such as quarantining a file, killing a specific process, disconnecting the infected machine from the network, or even completely shutting it down. Quick mitigation during inception stages of the attack lifecycle will minimize damage and speed remediation.

Remediation

During execution, malware often creates, modifies, or deletes system file and registry settings and changes configuration settings. These changes, or remnants that are left behind, can cause system malfunction or instability. NGEP must be able to restore an endpoint to its pre-malware, trusted state, while logging what changed and what was successfully remediated.

Forensics

Since no security technology claims to be 100% effective, the ability to provide real-time endpoint forensics and visibility is a must. Clear and timely visibility into malicious activity throughout an organization allows you to quickly assess the scope of an attack and take appropriate responses. This requires a clear, real-time audit trail of what happened on an endpoint during an attack and the ability to search for indicators of compromise.

SentinelOne Endpoint Protection Platform

The SentinelOne Endpoint Protection Platform (EPP) offers organizations real-time, unified endpoint protection that unifies prevention, detection and response in one platform managed via a single console. SentinelOne EPP leverages advanced machine learning and intelligent automation to protect Windows, OS X, and Linux-based endpoint devices from threats across all major vectors: advanced malware (file- and memory-based), exploits and stealthy script-based attacks. It closely monitors every process and thread on the system, down to the kernel level. A view of system-wide operations – system calls, network functions, I/O, registry, and more – as well as historical information, provides a full context view that distinguishes benign from malicious behavior. Once a malicious pattern is identified and scored, it triggers an immediate set of responses ending the attack before it begins.

Responses include:

  • icons

    Mitigation

    Easy-to-configure policies that kill the process, quarantine or delete malicious binaries and all associated
    remnants, and remove the endpoint from the network.

     

  • icons

    Immunization

    As soon an attack is prevented, details are immediately shared to other endpoints within the network, immunizing those systems that might be part of a coordinated attack.

     

  • icons

    Remediation

    Automatically restore deleted or modified files to their pre-attack state.

     

  • icons

    Forensics

    A 360-degree view of the attack including file information, path, machine name, IP, domain, and more (available within SentinelOne or through your SIEM)

     

See How SentinelOne Performed in the 2020 ATT$CK Evaluation
In addition, SentinelOne EPP is a single, lightweight solution that uses an average of 1-2% CPU, so endpoints are able to do what they’re supposed to do – be a laptop, desktop, mobile device, or server. As it focuses on what’s right for each system, no signature updates/active scans are needed, and endpoints are always protected, whether you’re on or off the network. SentinelOne EPP is supported on major mobile, desktop/laptop, and server operating systems.