SentinelOne Expert Flashcards
Sell Point for SentinelOne EDR
SentinelOne’s agent provides detection, protection, and remediation without a dependency on cloud connectivity (i.e. the locally installed agent provides this functionality natively). Many competitive offerings require cloud connectivity for full protection and don’t include auto-remediation of threats
Best-In-Class Response
SentinelOne has consistently had the highest number of Analytic Detections, fewest Missed Detections, fewest Delayed Detections, and fewest Detection Changes of any vendor in MITRE’s Engenuity testing year-over-year
- 1-click automated remediation capabilities
- Custom, real-time detections
- Quickly run scripts on one or multiple endpoints
- SentinelOne Storyline Active Response (STAR)™ cloud-based automated hunting, detection, and response engine
Flexible, Efficient IT and Security
Singularity XDR is a native and open platform. Customers can utilize Singularity XDR as their security platform and enable 1-click integrations with their existing security portfolio
One management console
Enterprise-grade and self-serviced
SentinelOne provides a cloud, hybrid, and on-premises solution
DevOps Friendly
Innovation is king and security cannot slow your devs down. Our agent supports 12 major Linux distributions and operates entirely in user space: no tainted kernels, no kernel panics. Devs can update their OS image at will.
Singularity Control
Control is made for organizations seeking the best-of-breed security with the addition of “security suite” features for endpoint management.
Singularity™ Control includes the following features:
Built-in Static AI and Behavioral AI analysis prevent and detect a wide range of attacks in real-time before they cause damage. Core protects against known and unknown malware, Trojans, hacking tools, ransomware, memory exploits, script misuse, bad macros, and more.
Sentinels are autonomous which means they apply prevention and detection technology with or without cloud connectivity and will trigger protective responses in real-time.
Recovery is fast and gets users back and working in minutes without re-imaging and without writing scripts. Any unauthorized changes that occur during an attack can be reversed with 1-Click Remediation and 1-Click Rollback for Windows.
Secure SaaS management access. Choose from US, EU, APAC localities. Data-driven dashboards, policy management by site and group, incident analysis with MITRE ATT&CK integration, and more.
Firewall Control for control of network connectivity to and from devices, including location awareness.
Device Control for control of USB devices and Bluetooth/BLE peripherals.
Rogue visibility to uncover devices on the network that need Sentinel agent protection.
Vulnerability Management, in addition to Application Inventory, for insight into 3rd party apps that have known vulnerabilities mapped to the MITRE CVE database.
Singularity Complete
Complete is made for enterprises that need modern endpoint protection and control plus advanced EDR features that we call ActiveEDR®. Complete also has patented Storyline™ tech that automatically contextualizes all OS process relationships [even across reboots] every second of every day and stores them for your future investigations. Storyline™ saves analysts from tedious event correlation tasks and gets them to the root cause fast. Singularity™ Complete is designed to lighten the load on security administrators, SOC analysts, threat hunters, and incident responders by automatically correlating telemetry and mapping it into the MITRE ATT&CK® framework. The most discerning global enterprises run Singularity™ Complete for their unyielding cybersecurity demands.
Complete includes all Core and Control features plus:
Patented Storyline™ for fast RCA and easy pivots.
Integrated ActiveEDR® visibility to both benign and malicious data.
Data retention options to suit every need, from 14 to 365+ days.
Hunt by MITRE ATT&CK ® Technique.
Mark benign Storylines as threats for enforcement by the EPP functions.
Custom detections and automated hunting rules with Storyline Active Response (STAR™).
Timelines, remote shell, file fetch, sandbox integrations, and more.
Numbers and Diversity
How many agents are you running on the endpoint and what are their roles? Does this vary by the operating system?
Ransomware
How do you currently handle advanced attacks and fileless attacks? How do you handle Ransomware attacks?
RCA
How do you perform event correlation and Root Cause Analysis (RCA)?
Time to Value
How many technologies do you typically use to achieve resolution? How long does it take?
What is active EDR?
The data Tsunami is autonomously correlated, to get the full story of what happened in an attack and put that data in context.
Does SentinelOne support multi-domain protection?
What is CSPM - CWPP? Skylight?
Cloud Security Posture Management (CSPM)?
What are the top 5 features of Singularity Mobile?
You can remediate the actions.
You can install it in a Sandbox environment.
Additional Warnings of malicious activity
Log alerts from start to finish
All attacks are mapped to MITRE
Can lock the device if the attack is severe enough.
Singularity Mobile - Why do they need it?
According to Google’s Project Zero, Android and iOS accounted for 31% of all Zero-Days in 2021. It was 11% in 2020.
70% have adopted BYOD policies for the work-from-anywhere workforce
This means that enterprise data is being accessed, downloaded, and manipulated from devices that are, quite likely, personally owned.
71% say Mobiles are critical to their business.