FeatureSentinelOne focuses its technology primarily on artificial intelligence and machine learning, both completely patented technology and that is what differentiates it from other vendors in the space. SentinelOne’s core competency is at the agent level. So, what you see is that the AI and the machine learning are sitting at the agent level, and that allows you to do multiple things.
Tamer Odeh, Regional Sales Director, Middle East, SentinelOne says that this allows them to detect, protect, and mitigate zero-day type of attacks or known type of attacks at machine speed. So, that allows SentinelOne to respond in a much faster manner, almost equivalent to how the attacker is attacking too. These algorithms and machine learning are constantly evolving, and the aspiration is to leverage this learning into other solutions that they are working with, Odeh adds.
AI and machine learning are the core part of the product. Odeh believes that this is in fact, one of the things that they distinguish themselves in. SentinelOne believes that this is everybody’s right to evolve and take the luxury of what it has developed over time.
Detect, protect, and mitigate zero-day type of attacks or known type of attacks at machine speed
SentinelOne’s approach removes different dependencies on the human or on the cloud to make a verdict. It follows the process that lets the machine defend itself, protect itself, whether it is online or offline, leveraging its own type of learning over time.
CISO pain points
Most of the customers over the decade have addressed different types of attacks or vulnerabilities with point products. Most CISOs and CIOs are looking at consolidation of solutions or vendors.
To help in the consolidation journey, a lot of vendors try to get into spaces beyond what they are currently addressing but you need to have a good medium, where you would reduce the amount of the vendors and consoles you deal with and try to augment the usage of your existing or new vendors.
SentinelOne’s approach removes different dependencies on the human or on the cloud to make a verdict
SentinelOne with its singularity platform looks at having visibility not only for traditional endpoints, which are your workstations and laptops, but also protection of cloud workloads, Kubernetes and containers which is where the world is heading to.
SentinelOne has a forward-looking roadmap about where the next step of cloud protection is, says Odeh. The explosion of IT in IoT devices is another vector that the vendors are playing in the protection space.
With SentinelOne security platform, you can leverage the SentinelOne agent to help you in IT asset discovery, control, and visibility.
Most CISOs and CIOs are looking at consolidation of solutions or vendors
SentinelOne’s Singularity platform solution helps you address, legacy endpoints, laptop, mobile, IoT devices and cloud workloads. Odeh terms it as consolidation of security tools, integration with new tools that are coming to market and current existing ones.
SentinelOne reduces the alerts by consolidating much more of what the customer needs to address, then plug holes, by having visibility completely with a single gate.
SentinelOne XDR
Extended Detection and Response, XDR, is basically the aggregation and correlation of different telemetry points, from different sources, into a single point. And that is what SentinelOne’s recent acquisition of Scalyr allows it to do.
Odeh says that the Scalyr acquisition will allow it to collect data and give visibility to the customer on its console, through integration with third party or with products.
Born in the cloud, Scalyr’s SaaS platform unlocks the full promise of XDR. By eliminating data schema requirements from the ingestion process and index limitations from querying, Scalyr can ingest massive amounts of machine and application data in real time, enabling organisations to analyse, query, and action data with unparalleled speeds and cost-effectiveness.
This provides SentinelOne customers with autonomous, real time, and index-free threat analysis and mitigation beyond the endpoint across the entire enterprise and cloud attack surface something not possible with today’s human powered and schema-constrained cybersecurity products.
SentinelOne collects that data and contextualises it in a way that the customers can act either automatically or manually. It will all evolve and come down to a single pane of glass. The customers receive a consolidation of various alerts.
Odeh says that one of the things that distinguishes SentinelOne is the way it shows the alerts or the way it aggregates them. SentinelOne correlates multiple sequence of events into a story.
Odeh explains that they look at the threats, and those threats could have a sequence of events. SentinelOne aggregates those alerts, correlates and give a complete story to the customer or to the SOC.
The XDR story is going to come into play when you are bringing new data points and new telemetry from other solutions and SentinelOne is going to correlate those stories together, remarks Odeh. The interesting thing about SentinelOne is that it can identify the root of the attack or the result of an attack from any point, he adds.
One of the things that distinguishes SentinelOne is the way it shows the alerts or the way aggregates those
Odeh elaborates further and says that if customers search an Indicator of Compromise through the SentinelOne Deep Visibility platform, threat hunting platform, across all endpoints, they will get a result. So, from a single data point, they can extrapolate the complete story. Together with the XDR singularity platform, any data points that they get from other sources can be added to that story and the results are further enhanced provided the SOC analyst an enriched story.
Transformation challenges
Odeh says they do see a lot of customers going through various transitions and it could be digital transformation, or moving from on-premise to cloud or changing their way of working from being in office to remote.
The pandemic shifted everybody’s priorities and pushed people to consider SaaS solutions. Odeh says that people started seeing the need for accessibility to the cloud. It also introduced a new market of how to protect cloud workloads and not only protecting them, but also making the protection and the configuration consistent to what customers have on-premises.
Odeh says that many different opportunities have risen because of the change of the dynamics, and he believes that the Singularity platform has never been in the right position at the right market, as it is now.
Channel partners
SentinelOne covers Middle East, Turkey, and Africa, and is on an expansion path. Odeh believes that the expansion can be done only through the channel, scaling the partners and value-added distributors. The ideal partners are typically who sell different types of solutions, concludes Odeh.
With the forward-looking vision of integration, automation and consolidation, and the innovation around artificial intelligence and machine language, SentinelOne’s go to market with Singularity is likely to help alleviate pain points of CISOs today and well into tomorrow.
Flagship product
The SentinelOne Singularity platform is the flagship solution. SentinelOne Singularity unifies historically separate functions into a single agent and platform architecture. Platform components include EPP, EDR, IoT Control, Workload Protection.
Prevention
AI-powered models identify malware and ransomware binaries before they detonate with high degrees of precision.
ActiveEDR
Build critical context for proactive real-time detection and response and long term threat hunting in a user-friendly fashion.
IoT
Ranger IoT rogue device discovery provides visibility into all managed and unmanaged network devices and control over those devices.
Workloads
Migration of workloads to private and public cloud infrastructure is a key part of your digital transformation.
Artificial intelligence and machine learning are core part of the vendor’s product allowing response at a faster speed.
