SentinelOne has released the SentinelOne Endpoint Detection and Response (EDR), available via channel partners, which expands its core execution inspection technology with cloud intelligence, application whitelisting and real-time forensics.
This broader security coverage enables SentinelOne EDR to provide a continuous cycle of protection against both known and zero-day attacks on Windows, Mac and Android computing devices, including servers and embedded systems. The capabilities build upon SentinelOne’s existing predictive execution inspection engine which dynamically tracks each newly-created process on a machine to block malware, exploits and zero-day attacks.
According to Gartner, “the endpoint detection and response (EDR) market is an emerging market created to satisfy the need for continuous protection from advanced threats at endpoints (desktops, servers, tablets and laptops), most notably significantly improved security monitoring, threat detection and incident response capabilities. These tools record numerous endpoint and network events and store this information in a centralized database. Analytics tools are then used to continually search the database to identify tasks that can improve the security state to deflect common attacks, to provide early identification of ongoing attacks (including insider threats), and to rapidly respond to those attacks. These tools also help with rapid investigation into the scope of attacks, and provide remediation capability.”
To proactively block known threats, SentinelOne EDR now provides continuous “passive scanning” which combines cloud intelligence and processing. Since its agent monitors every file and process on the endpoint, SentinelOne EDR automatically sends information to the cloud where it is scanned in real time by over 40 engines that incorporate intelligence from leading reputation services. When a threat is detected it is immediately blocked on the endpoint before it can cause any damage. From a performance and administration standpoint, SentinelOne’s passive scanning has zero impact on endpoints and does not require on-device updates.
It also provides the ability to specify which applications are considered safe to run with automatic blacklisting of malicious applications that are detected by its predictive execution inspection engine. The blacklist capability prevents a malicious application from spreading to other endpoints in the organization. For easy discovery and initial whitelist configuration, SentinelOne EDR provides real-time visibility into all applications running on an endpoint, and also protects against tainted whitelisted applications.
“Behavioral monitoring of threats on the endpoint is the only way to detect and protect against the advanced evasion techniques that now come standard with modern malware platforms, especially ransomware and financial trojans,” said Tomer Weingarten, CEO of SentinelOne. “Building on our predictive execution inspection technology and visibility into all endpoint activity we’ve added new capabilities to provide a continuous cycle of detection, prevention and protection. In addition, our new cloud-based approach for addressing known threats provides superior detection without the performance impact of scans on the endpoint or update maintenance overhead.”