Presentation on theme: "Real-time, Unified Endpoint Protection"— Presentation transcript:

1 Real-time, Unified Endpoint Protection
Jared Branda – Account Director – East

Company started in 2013.
We have about 350 customers today.
SentinelOne was formed by an elite team of cyber security and defense experts from IBM, Intel, Check Point Software Technologies, McAfee, Palo Alto Networks and the Israel Defense Forces.
One of the founders (Almog) was head of innovation at Check Point.

2 Real-Time, Unified Endpoint Protection
SentinelOne is a next-generation endpoint protection company that delivers real-time detection, prevention and remediation of advanced threats in a single platform.
Complete visibility into all endpoint activity without any performance drag
Dynamic behavior analysis to detect threats across all major vectors
Fully automated threat mitigation and remediation
Visionary: 2017 Magic Quadrant for Endpoint Protection Platforms
Certified Antivirus replacement

NARRATIVE
Per Gartner Group, we are the ONLY EPP platform that has EDR: single agent, single platform. We are also the only AV-replacement-certified EPP platform. We tested very highly for detection and low false positive rates; we can provide statistics from AV-Test.org.
"SentinelOne is the only vendor in this quadrant that includes endpoint detection and response in its core platform" – Gartner Group
"SentinelOne is a good prospect to replace or augment existing EPP solutions for any company looking for a fresh approach and integrated EDR…" – Gartner Group
SentinelOne is a next-generation endpoint protection company delivering real-time detection, prevention and remediation of advanced threats in a single platform. We do this through dynamic behavior tracking and analysis to detect, in real time, threats across all vectors of attack (malware, exploit, script). We closely monitor all system activities to identify when applications or processes are showing malicious behavior, and mitigate threats in real time. You can use SentinelOne to replace your existing antivirus solution while also gaining protection against exploit- and insider-based attacks, with a single lightweight agent. In addition, we provide deep endpoint visibility, search and forensics.

3 The SentinelOne Endpoint Protection Platform
Single Autonomous Agent; 50MB Memory Footprint; Single Management Console; Supports up to 25,000 Endpoints; Cloud or On-Premise Deployment

PRE-EXECUTION: STATIC PROTECTION (PREVENTION)
Threats covered: common threats, file-based malware
Dynamic Whitelisting / Blacklisting; Cloud Intelligence; Advanced Deep File Inspection; Blocked files & applications

ON-EXECUTION: DYNAMIC PROTECTION (DETECTION)
Threats covered: APTs, nation-grade APTs, file-less / memory-only malware, exploits & script-based attacks
Dynamic Behavior Detection; Behavior Engine

POST-EXECUTION: RESPONSE
360-degree Attack View; Forensics; Mitigation; Remediation; Rollback; Auto-immunize

Behavior Engine note: "Ransomware has different families out there and a million new variations every day," said Weingarten. "But if you think about the actual behavior of ransomware across all the families and variants, it's always pretty much the same."

4 Advanced Static Prevention
Major breakthrough in signature-less detection, based on machine learning
Deep File Inspection (DFI) engine prevents advanced malware on access
Supported on all endpoint platforms: Windows / macOS / Linux
Engine supports all mitigation actions
31,000 unique file characteristics defined and referenced
Known and unknown file-based malware
Runs on Windows, Mac and Linux

5 Multi-layered Protection Across Major Threat Vectors
Dynamic Whitelisting / Blacklisting: reduce the overall attack surface by blocking known bad programs
Advanced Static Prevention: Deep File Inspection engine uncovers known and unknown malware upfront
Behavior-based Threat Detection: dynamically detect the most advanced attacks across any vector

Through autonomous monitoring and dynamic behavior tracking, SentinelOne detects malicious activity across multiple vectors, keeping all of your endpoints steps ahead of any threat in real time, before it can spread across your environment. The autonomous SentinelOne agent performs full system monitoring of all low-level activity on the endpoint (OS kernel, memory, disk, registry, network, and more), building a complete context of normal application behavior. It detects and tags anomalies using behavioral logic derived from advanced data science and machine learning. It predicts the attack sequence, using dynamic behavior tracking to accurately sort, optimize, and build context around an attack. SentinelOne EPP performs true real-time forensic analysis and builds intuitive Attack Storyline visualizations of malicious behavior.

6 Best-in-class Next-Generation Endpoint Protection
Certified: SentinelOne is a certified replacement for Antivirus. Certifications: PCI DSS 3.1 (2016) and HIPAA (2016)
Proven: our customers include the #3 cloud hosting provider, the #1 retailer, the #1 internet television network, the #1 online travel chain and the #2 financial exchange
Recognized: Visionary, MQ for Endpoint Protection Platforms

7 SentinelOne EPP Differentiation
Backed by our Cyber Security Guarantee (covers up to $1M in the event of a successful ransomware attack)
1 console / 1 agent for detection, prevention, remediation and forensics (no need for additional tools), with native support of Mac OS X, Linux & Windows
Remediation: ability to quarantine/kill malicious processes and roll back registry changes and deleted/encrypted files

8 SentinelOne EPP Differentiation continued
Behavior-based detection with no signatures required: ability to detect advanced zero-day attacks, along with file-less malware, exploits and live/insider threats, without the need for an internet connection
Real-time forensics on all attack vectors
Easy to deploy and manage; on-going training included if needed. No additional FTE/OPEX
SentinelOne can detect/block pre-execution, on-execution and post-execution attacks

9

10 Effective Endpoint Protection Needs to Address the Entire Advanced Threat Lifecycle
Pre-Execution: Prevention + Whitelisting / Blacklisting
On Execution: Dynamic Malware Detection, Dynamic Exploit Detection
Post-Execution: Mitigation, Remediation, Forensics

From the endpoint device perspective, the threat execution lifecycle can be divided into three phases: pre-execution, on execution and post-execution.

PRE-EXECUTION: STATIC PREVENTION, WHITELISTING AND BLACKLISTING
Any file-based malware can be prevented from executing on a target endpoint device, provided that the attack code has been previously detected and can be identified upfront as a known threat. This is the essence of legacy antivirus software: its ability to block known threats from executing by directly matching a threat to signatures that exist within the antivirus software's management layer. More recently, organizations have begun supplementing the shortcomings of their antivirus software by deploying whitelisting and blacklisting technology as an additional layer of protection. These techniques combine to form a brute-force method of gating which applications are allowed to run on a particular endpoint device. This form of prevention is an effective means of significantly shrinking the organization's overall attack surface, and makes hackers and cybercriminals work harder (and spend more money) to penetrate the organization's IT infrastructure via the endpoint. By today's standards, pre-execution protection should be considered table stakes for any approach to securing the endpoint.

ON EXECUTION: DYNAMIC DETECTION OF ADVANCED MALWARE AND EXPLOITS
The execution phase is where an unknown threat (often a carefully wrapped or altered variant of a known threat) escapes initial detection and begins to execute on the endpoint device. It is during execution that continuous analysis of system activity is performed in order to identify malicious behavior. Detection of advanced malware and exploits by dynamic methods was first pioneered by network-based sandbox technologies, which emulate endpoints and execute suspicious content with the goal of identifying new, never-before-seen threats. As new threats are detected, signatures are created and distributed to the perimeter firewall in the hope that they can be blocked during pre-execution from that point forward. Increasingly, organizations are adding new, behavior-based endpoint security solutions to prevent advanced threats that aren't detected at the network level. These solutions focus on the real-time identification of malicious behaviors used by malware, exploits and stealthier script-based attacks. This is achieved by monitoring all system-level activities from the kernel space on up, forming context to allow for the quick identification and isolation of malicious patterns that are linked to a new threat. These new solutions have proven to be more effective against advanced threats and are increasingly used as a replacement for antivirus. It is also important to note that the depth and extensiveness of activity monitoring on the endpoint device determines the practicality of any forensics information that can be rendered. This is a key ingredient of successful post-execution processes.

POST-EXECUTION: MITIGATION, REMEDIATION AND FORENSIC ANALYSIS
Once an attack successfully executes on one or more endpoints, the organization remains vulnerable until security personnel can fully mitigate it, stopping its lateral spread and eliminating it from affected devices. Many technologies today are focused on identifying and alerting to the existence of a threat. This sends incident response personnel into a scramble, armed with a combination of mitigation and forensics tools and manual procedures through which attempts at finding and quarantining infected systems are made. Sometimes, expert security consultants are called in (at considerable expense) when internal teams need assistance with mitigation, remediating affected files, or generating and interpreting forensic data. Ultimately, the most effective response is one where attack mitigation and remediation are executed immediately, at the initial point of detection. This is validated through Gartner's Adaptive Security Architecture, and has been adopted by a few pioneers who are integrating detection, prevention and response for a more complete approach.

SUMMARY
Pre-execution measures reduce the overall attack surface by blocking known threats and gating which applications are allowed to run.
Sophisticated threats can be detected via dynamic behavioral tracking and analysis, performed as the suspicious process executes (on execution).
When a threat is detected, the organization is still widely vulnerable until the threat can be fully neutralized, making machine-speed mitigation and remediation critical.
Reducing vulnerability to evolving new threats requires understanding the full context of each new attack through precise and detailed forensics.
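The three phases described above (and the file rollback that slide 16 calls "full remediation"), modelled as an added, self-contained toy in Python; this is illustration written for this transcript, not SentinelOne's agent or any vendor's detection logic. The pre-execution gate is a hash blocklist/allowlist, the on-execution rule flags a process that rewrites several low-entropy documents as high-entropy data, and post-execution restores the pre-write snapshots. The hashes, the entropy threshold, the file-count threshold, the document contents and the pid/event sequence are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed policy: SHA-256 of one known-bad and one known-good file image.
BLOCKLIST = {hashlib.sha256(b"constructed-known-bad-sample").hexdigest()}
ALLOWLIST = {hashlib.sha256(b"constructed-signed-vendor-binary").hexdigest()}

def pre_execution_verdict(image: bytes) -> str:
    # Pre-execution gate: block known-bad, allow known-good, monitor the unknown.
    digest = hashlib.sha256(image).hexdigest()
    if digest in BLOCKLIST:
        return "block"
    return "allow" if digest in ALLOWLIST else "monitor"

def shannon_entropy(data: bytes) -> float:
    # Bits per byte: documents score low, encrypted output sits near 8.
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

class EndpointAgent:
    # On-execution detection plus post-execution rollback over a simulated disk. The
    # rule and thresholds (one process turning max_files low-entropy files into
    # high-entropy ones) are illustrative assumptions, not any vendor's logic.
    def __init__(self, files: dict, max_files: int = 3, threshold: float = 6.5):
        self.files, self.snapshots = dict(files), {}  # current / pre-write content
        self.suspect = defaultdict(set)   # pid -> paths it rewrote as ciphertext
        self.max_files, self.threshold = max_files, threshold
    def on_write(self, pid: int, path: str, new: bytes):
        old = self.files.get(path, b"")
        self.snapshots.setdefault(path, old)  # keep originals for remediation
        self.files[path] = new
        if shannon_entropy(old) < self.threshold <= shannon_entropy(new):
            self.suspect[pid].add(path)
        if len(self.suspect[pid]) >= self.max_files:
            return self.remediate(pid)        # respond at the point of detection
        return None
    def remediate(self, pid: int) -> dict:
        # Post-execution: stop the process and roll its writes back to snapshots.
        restored = sorted(self.suspect.pop(pid))
        for path in restored:
            self.files[path] = self.snapshots[path]
        return {"killed_pid": pid, "restored": restored}

def high_entropy(seed: bytes, n: int = 1024) -> bytes:
    # Constructed stand-in for ciphertext: a SHA-256 hash chain, no real key.
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

def simulate() -> dict:
    # Constructed scenario: a benign editor (pid 7) appends to one document, then an
    # unknown process (pid 42) overwrites three documents with ciphertext-like data.
    doc = b"Quarterly report: revenue up 4%, costs flat.\n" * 20
    paths = [f"/home/u/doc{i}.txt" for i in range(4)]
    agent = EndpointAgent({p: doc for p in paths})
    benign = agent.on_write(7, paths[0], doc + b"Addendum.\n")
    for i in (1, 2, 3):
        response = agent.on_write(42, paths[i], high_entropy(bytes([i])))
    return {"benign_flagged": benign is not None, "response": response,
            "rolled_back": all(agent.files[p] == doc for p in paths[1:])}
```

Note that the unknown process is neither blocked nor trusted by the hash gate; it is the behavioural layer that stops it, and the snapshots taken at first write are what make the rollback possible.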

11 Optimizing Endpoint Protection with SentinelOne
Unified Approach (SentinelOne Endpoint Protection Platform) vs. Multi-Solution Approach
Pre-Execution: Static Prevention + Whitelisting / Blacklisting
On Execution: Dynamic Malware Detection, Dynamic Exploit Detection (EMET in the multi-solution column)
Post-Execution: Mitigation, Remediation, Forensics
Unified Approach: single lightweight agent, single management console, fewer FTEs, reduced TCO
Multi-Solution Approach: multiple agents, multiple management consoles, more FTEs, > 4x the TCO of the SentinelOne Endpoint Protection Platform

There are many options available to organizations seeking to build a comprehensive endpoint protection strategy; however, any piecemeal approach involving a collection of point solutions will always translate to higher management and interoperability complexity. Although personnel costs and IT infrastructure performance impact will vary considerably from organization to organization, a consolidated approach leveraging a platform that both protects against all major threat vectors and provides full endpoint visibility and response capabilities is the best choice. It not only minimizes costs associated with management and infrastructure complexity, but it delivers more value on a per-endpoint basis than multiple tools, whose functionality can overlap. In a recent analysis, the license and management costs for the piecemeal endpoint security approach amounted to over 4x the total cost of ownership of the solution based on the SentinelOne Endpoint Protection Platform. SentinelOne delivers exceptional value; it protects the endpoint from the broadest set of threat vectors (file-based and file-less malware, advanced exploits, and insider and script-based attacks). Furthermore, it enables full visibility into endpoint activity, and delivers detailed forensics in real time.

12 SentinelOne Benefits
Superior detection of advanced threats without performance overhead
Automated threat mitigation at machine speed
Visualize attacks with real-time forensics
Seamlessly adapt against the latest threats
Cut TCO by up to 5x over multi-solution approaches
Protect user endpoints and data center servers with a single platform
Easily deployable across enterprise-scale environments

Superior detection of advanced threats without performance overhead. Through lightweight deep-system monitoring and dynamic behavior tracking, SentinelOne is highly effective in detecting and preventing the most advanced malware, exploits and live attacks.
Automated threat mitigation at machine speed. SentinelOne intelligently automates the entire response process, relieving IT teams of exhaustive and error-prone manual mitigation procedures. It rapidly eliminates threats and returns endpoint devices to trusted states, closing the time gap during which your organization is still vulnerable.
Visualize attacks with real-time forensics. SentinelOne generates forensic information and intuitive Attack Storyline visualizations, mapping out the attack's point of origin and progression across endpoints and other systems in real time.
Seamlessly adapt against the latest threats. SentinelOne auto-immunizes endpoints, notifying other SentinelOne Agents on the network as soon as a threat is identified. It also leverages up-to-the-minute cloud threat intelligence and leading reputation services to extend protection.
Substantially lower TCO than AV-based solutions. Deploy rapidly and manage with ease. SentinelOne's practically silent operation doesn't impact endpoint device performance, allowing users to maintain peak productivity.
Single platform protects both user endpoints and data centers. SentinelOne deploys across Windows, OS X and Linux-based endpoints, delivering superior threat protection for physical, virtual, and cloud-based computing environments with a single platform.
Easily deploy across enterprise-scale environments. Deploy SentinelOne as an on-premise or as a cloud-based service to protect Windows, OS X and Linux-based endpoints.

13 The Endpoint is the New Perimeter
Endpoints are primary targets. This is where sensitive data lives.
Endpoints are your organization's weakest link. Endpoint platforms are diverse, and often drift from standard configuration, with frequent exposure to unsecured networks.
The endpoint is the new perimeter.

For today's enterprise organizations, corporate endpoints (desktops, laptops, mobile devices and servers) are numerous and diverse. Many are mobile, and thus frequently used outside the protective perimeter, and connecting to various public networks makes them highly susceptible to attacks. To compound matters, endpoints drift regularly (by nature of their usage) from a standard configuration and often host outdated, vulnerable applications. Endpoints ultimately present a highly vulnerable attack surface to hackers and nation states seeking to gain access to sensitive information or cause damage to the organization.

14 AV is no Match for the New Threat Landscape
Malware: ransomware, trojans, worms, backdoors; file-less / memory-based malware
Exploits: document-based exploits (Office doc exploits, Adobe macros, spearphishing emails); browser-based exploits (drive-by downloads, Flash, Java, iFrame/HTML5 plug-ins)
Live / Insider attacks: script-based (PowerShell, PowerSploit, WMI, VBS); credentials (credential-scraping, Mimikatz, tokens)

THE THREAT LANDSCAPE TODAY IS MUCH MORE THAN FILE-BASED MALWARE
Enterprise organizations collectively face billions of highly sophisticated attacks across multiple vectors, not just file-based malware. In fact, even the malware that AV would normally catch is often altered and packaged in ways that make it appear new or benign, allowing it to completely evade detection. Common techniques include using polymorphic malware, packers and wrappers. Threat prevention by static methods alone provides little protection. Threats are also specifically designed to infiltrate the organization and slip past security, using one-of-a-kind polymorphic malware and obfuscation techniques to avoid detection. Once inside, they set up command and control (C&C) communications, open backdoors, and steal data, resulting in substantial financial loss and reputation damage.

15 Predict Malicious Behavior
Lightweight, Autonomous Agent: continuously monitors all low-level activity on the endpoint device, online or offline
Dynamic Behavior Tracking: predicts how attacks unfold against the context of normal application behavior
Real-Time Forensic Analysis: 360-degree views of threat behavior, with Attack Storyline

16 Rapidly Eliminate Threats
Zero-Touch Mitigation: policy-based; covers all endpoints for decisive incident response
Robust Containment: stops lateral threat movement by disconnecting the device from the network
Full Remediation: reverses malware-driven file modifications

Rapidly eliminate threats. SentinelOne's fully automated, integrated response capabilities eliminate threats and roll manipulated files back to trusted states, closing the gap between detection and response during which your organization is still vulnerable. SentinelOne EPP alerts personnel of the threat, shuts down the attack, removes malware, and rolls back changes when possible.

17 Seamlessly Adapt Defenses
Cloud Intelligence: extend protection by leveraging threat intelligence from select reputation services
Auto-Immunization: notify all Agents on the network when a new threat is detected

Seamlessly adapt defenses. SentinelOne employs cloud intelligence and machine learning to seamlessly adapt your endpoint defenses against the latest malware, exploits and attacks. It prevents the spread of infection to other endpoint devices by sharing attacks' behavioral patterns with other SentinelOne agents. It also leverages up-to-the-minute cloud threat intelligence and leading reputation services to extend protection. SentinelOne employs an elite team of cybersecurity researchers focused on researching the latest threats to enhance protection.

18 Visionary: 2016 Gartner MQ for Endpoint Protection Platforms
“SentinelOne is the only vendor in this analysis that includes full EDR-type functionality in the core platform. SentinelOne is a good prospect to replace or augment existing EPP solutions for any company looking for a fresh approach and integrated EDR…”

