Matthew D. Sarrel

Author Archives: Matthew D. Sarrel

Review: SentinelOne blocks and dissects threats

SentinelOne Endpoint Protection Platform (EPP) is an antimalware solution that protects against targeted attacks, malware, and zero-day threats through behavioral analysis and process whitelisting and blacklisting. The client agent, which analyzes the behavior of processes on Windows, OS X, Linux, and Android endpoints, can replace or run alongside other signature-based antimalware solutions. SentinelOne EPP stands out not only for its protection capabilities but also for its excellent forensics and threat analysis.

SentinelOne evaluates process behavior based on "dynamic execution patterns." The agent scans endpoints, indexes application files and processes, and sends information about them to the cloud where they are assigned reputation scores. When scores surpass policy thresholds, processes can be killed, files quarantined, and endpoints rolled back to the last known-good state. Metadata about processes and files are pooled among SentinelOne's customers, building an anonymous threat intelligence network that benefits everyone.

Review: Promisec goes the extra step to secure PCs

In the past year we've seen an influx of endpoint detection and response (EDR) tools that promise to bring order, through greater visibility, to the wild west of endpoints within a large organization. The scenario is all too common: IT security usually doesn't know all of the hardware and software assets that need to be protected, yet has to protect them. Even as we struggle to put security controls in place for prevention, we know that many of these endpoints are already compromised by active threats that need to be detected, assessed, quarantined, and remediated.

EDR tools are built for detection and response (hence the category name), and most leave it at that. Promisec adds sophisticated remediation to Promisec Endpoint Manager (PEM), which is precisely why I was interested in getting a close look at the product. Like other EDR products, PEM can scan endpoints on a schedule to detect anomalies or abnormalities and verify that security controls -- such as required applications, patches, settings, and so on -- are in place. Unlike other products in the category, PEM can also launch scripts on the endpoints to take corrective action.
