Edge to Edge Enterprise Security Platform.
One platform to prevent, detect, respond, and hunt in the context of all enterprise assets. See what has never been seen before. Control the unknown. All at machine speed.
Your antivirus and firewalls are no longer enough. You need an Endpoint Detection and Response (EDR) program to actively defend your network.
Contact Me about EPP
Advanced Malware Detection
Your NGEP must be able to detect and block unknown malware and targeted attacks – even those that do not exhibit any static indicators of compromise. This involves dynamic behavior analysis – the real-time monitoring and analysis of application and process behavior based on low-level instrumentation of OS activities and operations, including memory, disk, registry, network and more. Since many attacks hook into system processes and benign applications to mask their activity, the ability to inspect execution and assemble its true execution context is key. This is most effective when performed on the device regardless of whether it is on or offline (i.e. to protect even against USB stick attacks.)
Mitigation
Detecting threats is necessary, but with detection only, many attacks go unresolved for days, weeks, or months. Automated and timely mitigation must be an integral part of NGEP. Mitigation options should be policy-based and flexible enough to cover a wide range of use cases, such as quarantining a file, killing a specific process, disconnecting the infected machine from the network, or even completely shutting it down. Quick mitigation during inception stages of the attack lifecycle will minimize damage and speed remediation.
Remediation
During execution, malware often creates, modifies, or deletes system file and registry settings and changes configuration settings. These changes, or remnants that are left behind, can cause system malfunction or instability. NGEP must be able to restore an endpoint to its pre-malware, trusted state, while logging what changed and what was successfully remediated.
Forensics
Since no security technology claims to be 100% effective, the ability to provide real-time endpoint forensics and visibility is a must. Clear and timely visibility into malicious activity throughout an organization allows you to quickly assess the scope of an attack and take appropriate responses. This requires a clear, real-time audit trail of what happened on an endpoint during an attack and the ability to search for indicators of compromise.
SentinelOne Endpoint Protection Platform
The SentinelOne Endpoint Protection Platform (EPP) offers organizations real-time, unified endpoint protection that unifies prevention, detection and response in one platform managed via a single console. SentinelOne EPP leverages advanced machine learning and intelligent automation to protect Windows, OS X, and Linux-based endpoint devices from threats across all major vectors: advanced malware (file- and memory-based), exploits and stealthy script-based attacks. It closely monitors every process and thread on the system, down to the kernel level. A view of system-wide operations – system calls, network functions, I/O, registry, and more – as well as historical information, provides a full context view that distinguishes benign from malicious behavior. Once a malicious pattern is identified and scored, it triggers an immediate set of responses ending the attack before it begins.
Responses include:
Mitigation
Easy-to-configure policies that kill the process, quarantine or delete malicious binaries and all associated
remnants, and remove the endpoint from the network.
Immunization
As soon an attack is prevented, details are immediately shared to other endpoints within the network,
immunizing those systems that might be part of a coordinated attack.
Remediation
Automatically restore deleted or modified files to their pre-attack state.
Forensics
A 360-degree view of the attack including file information, path, machine name, IP, domain, and more
(available within SentinelOne or through your SIEM)
In addition, SentinelOne EPP is a single, lightweight solution that uses an average of 1-2% CPU, so endpoints are able to do what they’re supposed to do – be a laptop, desktop, mobile device, or server. As it focuses on what’s right for each system, no signature updates/active scans are needed, and endpoints are always protected, whether you’re on or off the network. SentinelOne EPP is supported on major mobile, desktop/laptop, and server operating systems.
