Member Article
SentinelOne Launches Deep Visibility Module for Threat Hunting on the Endpoint
SentinelOne today launched its new Deep Visibility module for the SentinelOne Endpoint Protection Platform (EPP), making it the first endpoint protection solution to provide search capabilities for all indicators of compromise (IOCs) regardless of encryption and without the need for additional agents.
“We are bringing visibility into every edge of the network - from the endpoint to the cloud,” said Tomer Weingarten, CEO of SentinelOne. “Deep Visibility enables search capabilities and visibility into all traffic, since we see it at the source and monitor it from the core. We know that more than half of all traffic is encrypted - including malicious traffic - which makes a direct line of sight into all traffic an imperative ingredient in enterprise defense.”
Deep Visibility extends the company’s current endpoint suite abilities to provide full visibility into endpoint data, leveraging its patented kernel-based monitoring, for complete, autonomous, and in-depth search capabilities across all endpoints - even those that go offline - for all IOCs in both real-time and historic retrospective search. SentinelOne EPP with Deep Visibility enables customers to fully automate their detection-to-response workflow while also gaining unprecedented insight into their environment.
Deep Visibility also empowers customers to gain insights into file integrity and data integrity by monitoring file characteristics and recording data exports to external storage.
Deep Visibility monitors traffic at the end of the tunnel, which allows an unprecedented tap into all traffic without the need to decrypt or interfere with the data transport. This in turn provides a rich environment for threat hunting that includes powerful filters, the ability to take containment actions, and fully automated detection and response.
Since Deep Visibility does not require an additional agent, and is a holistic part of the SentinelOne EPP platform, it is fully integrated into the investigation, mitigation and response capability sets, including process forensics, file and machine quarantine, and fully automated, dynamic remediation and rollback capabilities.
Additionally, Deep Visibility does not require any changes to network topology and does not require any certificates for installation. Visibility into encrypted traffic further enriches forensics insights and empowers security analysts with more holistic investigation capabilities without impacting the end-user experience.
“Deep Visibility is a breakthrough that will re-define how we think about perimeters,” said Weingarten. “Gaining visibility into the data pathways marks the first milestone for a real, software-defined edge network that can span through physical perimeters, to hybrid datacenters and cloud services. This is the beginning of the network of the future.”
This was posted in Bdaily's Members' News section by SentinelOne.