Enterprise Strategy Group
Getting to the bigger truth.

SOLUTION SHOWCASE

The SentinelOne Endpoint Protection Platform

Date: September 2015
Author: Jon Oltsik, Senior Principal Analyst; and Doug Cahill, Senior Analyst

Abstract: The endpoint is a highly attractive entry point from which adversaries land and then move laterally across the network to gain access to corporate data assets. The endpoint plays such a central role in the cyber kill chain (from delivery to exploitation and installation of malware) that organizations of all sizes have a strategic imperative to deploy effective security controls protecting against both known and unknown threats. To date, this has necessitated the use of multiple endpoint security solutions, resulting in agent bloat that degrades system performance and increases operational cost. SentinelOne can help address emerging endpoint security requirements by eliminating the need for traditional antivirus and providing advanced detection and prevention in a single-agent solution.

Overview

There are a number of reasons why the endpoint is all too often the attack vector of choice, most notably human vulnerability (i.e., gullibility) that can be exploited by a variety of methods including spear phishing, drive-by downloads, malvertising, and more. The fact that today's endpoints are mobile, frequently outside of the corporate firewall, and connected to various public networks makes them highly susceptible to attacks. To compound matters, by the nature of their usage, endpoints drift regularly from a standard (i.e., secure) configuration and often host outdated, vulnerable applications.

Multiple Endpoint Security Agents Impact System Performance and Operational Cost

The cat-and-mouse game that starts with the constant barrage of zero-day malware and exploits and ends with the need to repeatedly update antivirus (AV) signature files for the latest threats is a daily operational burden for IT.
One-third of cybersecurity professionals surveyed by ESG indicated that signature-based AV can be ineffective against today's more sophisticated, dynamic attacks, so organizations typically need to deploy additional security controls at the endpoint, further increasing operational cost and complexity.[1] ESG's endpoint security research also found that 62% of the 340 respondents reported having two to three security agents already deployed on endpoints (see Figure 1).

[1] Source: ESG Research Report, The Endpoint Security Paradox, January 2015. All ESG research references and charts in this solution showcase have been taken from this research report.

This ESG Solution Showcase was commissioned by SentinelOne and is distributed under license from ESG.
FIGURE 1. Approximate Number of Security Agents Deployed on a Typical Endpoint
[Bar chart. Survey question: "On average, approximately how many security agents (i.e., security software installed on an endpoint system that works autonomously and continuously to align endpoint activities with a particular security software function) are installed on a typical endpoint?" (Percent of respondents, N=340.) Response options: 1, 2, 3, 4, 5, More than 5, Don't know. Values shown on the chart: 31%, 31%, 20%, 8%, 7%, 1%, 0%; as the text notes, the two- and three-agent responses together account for 62%.]

Absent a single-agent solution to protect against both known and unknown malware, organizations have also had to pay a performance penalty that is inherent in legacy AV. These first-generation antivirus solutions employ a heavy file system scanner to match bit patterns in executables to signature entries, consuming valuable CPU cycles and memory space, and creating occasional contention for file system reads and writes. Performance degradation is exacerbated in virtualized environments, such as virtual desktop infrastructure (VDI), where file system scanning results in "AV storms" saturating shared hardware resources. Indeed, according to the aforementioned research, nearly half (48%) of the respondent organizations report that antivirus products adversely impact system performance.

Agent fatigue is not only a performance concern, but also one of system integrity, because the need to trap I/O and shim the file system can lead to incompatibilities between endpoint agents that can destabilize systems. Additional complexity is incurred by having to "swivel chair" between multiple management consoles, which requires that IT develop and maintain a knowledge base for multiple endpoint security products. These factors, along with managing procurement and technical support relationships with multiple vendors, contribute to increasing operational complexity and degrading system performance.
Cybersecurity Professionals Want a Single Endpoint Security Solution

To date, organizations have faced a Faustian compromise with endpoint security. To mitigate risk, security professionals were forced to install several endpoint security tools on each system and then live with higher cost and operational complexity. Ideally, CISOs would love to address endpoint security with a single comprehensive solution. In fact, the aforementioned ESG research found that 58% of the 340 respondents indicated they want a comprehensive endpoint security solution from a single vendor (see Figure 2).
FIGURE 2. Type of Endpoint Security Technology Approaches Most Attractive to Organizations
[Pie chart. Survey question: "As new endpoint security requirements arise and your organization considers new endpoint security controls and analytics, which of the following choices do you think would be most attractive to your organization?" (Percent of respondents, N=340.)
- A comprehensive endpoint security software suite from a single vendor: 58%
- An assortment of endpoint security technologies from various vendors, enabling my organization to choose best-of-breed products in each category: 33%
- A portfolio of endpoint security products from various vendors that establish technical partnerships to integrate their products together into a heterogeneous endpoint security suite: 8%
- Don't know: 1%]

More specifically, the two most-cited desired features in a comprehensive endpoint security product suite were advanced malware detection functionality and endpoint forensics. To complete the threat lifecycle and expedite reverting to a known-good system state, a notable 76% of the organizations responded that remediation and recovery functionality is a very important feature of an endpoint security suite. There is a strong appetite in today's market for a solution that detects and prevents known as well as new and unknown threats while also providing endpoint forensics and employing remediation steps to lower overall cost of ownership.

Solution: SentinelOne Endpoint Protection Platform

The complexities of securing today's multi-device, mobile workforce against advanced threats require a solution that is not only comprehensive in its feature set, but also operationally efficient to deploy and manage. These new requirements are opening the endpoint security market to new types of comprehensive solutions from vendors like SentinelOne.
Unlike other add-on endpoint security tools, SentinelOne can be seen as a one-stop shop because it can eliminate the need for signature-based AV. In fact, AV-TEST, a leading independent antivirus research institute, awarded SentinelOne EPP its Approved Corporate Endpoint Protection certificate, answering a long-standing question about whether a behavior-based approach can be effective in detecting both known and unknown malware. This certification indicates that SentinelOne EPP can replace traditional, signature-based antivirus while also providing the advanced threat detection capabilities to address new and unknown dynamic malware and exploits without adding performance overhead. SentinelOne's Endpoint Protection Platform employs a prescriptive, multistep methodology as the basis for its definition of next generation endpoint protection, which maps well to the threat lifecycle (see Figure 3).
FIGURE 3. SentinelOne EPP Next Generation Endpoint Security Methodology
[Diagram of the five steps described below.]

- Prevention utilizes cloud reputation services to reduce the attack surface across a wide array of endpoint devices by detecting and blocking known threats.
- Detection uses anti-exploitation and dynamic behavioral analysis to inspect execution context, protecting vulnerable applications and users from being compromised.
- Mitigation quarantines infected files and systems to contain the threat.
- Remediation restores machines to the state prior to malware execution, eliminating the need to re-image infected systems.
- Endpoint Forensics provides audit-trail markers from attacks for real-time and root-cause analysis and to fortify against future threats.

Aside from defense-in-depth, SentinelOne also aligns with today's IT infrastructure as it provides:

Effective Use of the Cloud. The cloud is well suited to serve as both the control plane for management functionality and a delivery vehicle for threat intelligence. SentinelOne EPP offers flexible deployment options, including an on-premises management server and a cloud-hosted service providing anywhere, anytime management, eliminating the need for customers to deploy and manage their own management server. The cloud is also utilized to aggregate and disseminate threat intelligence, allowing all SentinelOne EPP customers to benefit from real-time updates across the SentinelOne user base.

Broad Platform Support. With Macs becoming more common in the enterprise, support for OS X is becoming a requirement for many organizations. In addition to Windows, SentinelOne EPP supports OS X, as well as Android devices, providing device coverage across the endpoint attack surface area. EPP also supports a variety of virtual environments and has iOS and Linux support in the queue; Linux is an increasingly relevant operating system due to the increase of Linux server deployments.
Strength via Integrations. Today's threat landscape requires organizations to employ a defense-in-depth strategy from endpoint to data center and cloud. Disparate security technologies must be integrated via standard interfaces to coordinate and expedite detection and response across an organization's infrastructure. SentinelOne EPP meets this requirement by integrating with a number of devices (for example, network security appliances and SIEM servers) via industry standards such as the STIX, OpenIOC, and CEF formats.

The Bigger Truth

Endpoint security used to simply mean antivirus, but the landscape fundamentally changed with the proliferation of malware and the advent of advanced persistent threats (APTs), which revealed an attack pattern of exploiting the endpoint to install stealthy dropper code undetected by AV. This foothold on the endpoint proved effective for hackers as a means to lay the groundwork for a broader attack. Companies with a forward-leaning security posture initially tended to favor placing advanced controls on the network to detect these sophisticated threats. The continuation of similar breaches highlighted the need for advanced controls at the point of infection: the endpoint. Out of necessity, companies responded by deploying advanced endpoint threat detection products in addition to their antivirus products, having no choice but to pay the associated performance and operational tax.

As companies grapple with the overhead of managing multiple endpoint security tools, there is a clear requirement for a solution that is both effective and operationally efficient. Based on the validation provided by AV-TEST, its comprehensive features based on a prescriptive methodology, and its modern implementation, SentinelOne is designed to meet today's set of endpoint security requirements. CISOs looking for a one-stop-shop, next generation endpoint security solution may want to research, evaluate, and test SentinelOne's offering.

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.
Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides actionable insight and intelligence to the global IT community.

www.esg-global.com
contact@esg-global.com
P. 508.482.0188

2015 by The Enterprise Strategy Group, Inc. All Rights Reserved.