©2016 SentinelOne. All Rights Reserved.
next generation endpoint protection buyer’s guide
Next Generation Endpoint Protection Buyer’s Guide
Contents
Introduction 3
Today’s Security Landscape
Why Traditional Security is Not Working
Is Antivirus Dead?
Sandboxing as a Defense?
A New Approach to Endpoint Security 5
Next Generation Endpoint Protection
Next Generation Endpoint Protection as an Antivirus Replacement
Six Things Your NGEP Must Do
Evaluating Next Generation Endpoint Protection Vendors 7
Evaluation Questions
Licensing
Why SentinelOne? 8
A Brief History
SentinelOne Endpoint Protection Platform
AV-Test Certification
Testimonials
Next Steps
Introduction
Today’s Security Landscape
In the past two decades of tech booms, busts, and bubbles, two things have not changed: hackers are still finding ways to breach the security measures in place, and the endpoint remains the primary target. Now, with cloud and mobile computing, endpoint devices have become the new enterprise security perimeter, so there is even more pressure to lock them down.
Companies are deploying piles of software on the endpoint to secure it: antivirus, anti-malware, desktop firewalls, intrusion detection, vulnerability management, web filtering, anti-spam, and the list goes on. Yet with all of these solutions in place, high-profile companies are still being breached. The recent attacks on large retail and hospitality organizations are prime examples: hackers successfully used credit-card-stealing malware targeting payment servers to collect customer credit card information.
Why Traditional Security is Not Working
There is a fundamental problem with this kind of security that leaves us in basically the same spot: it is looking for something known, such as a known hash, IP address, vulnerability, or behavior. Ultimately hackers are able to use enough masking techniques to bypass the security software, leaving the server or laptop once again the victim of an attack. It is very easy to alter malicious code with downloaded or home-made tools to bypass security measures; anyone with basic coding skills can do it. The list below shows a few attack masking techniques, which are often used in conjunction with each other to take a known binary and make it appear completely new, unknown, and benign on the surface.
Along with masking techniques, hackers use different vectors, or paths, to deliver the malicious code and carry out their attacks. The top attack vectors are listed further below. Attacks can be single-vector or part of a more sophisticated multi-vector attack.
Attack Masking Techniques
- Variations/Obfuscators: alter known malicious code to make it appear new or different.
- Packers: designed to ensure the code runs only on a real machine (anti-virtual-machine checks, sleepers, interactions, anti-debug).
- Targeting: allows the code to run only on a specific targeted machine or device with a specific configuration.
- Malware: the code that runs on the victim’s machine.
- Wrappers: designed to turn code into a new binary.
Is Antivirus Dead?
Antivirus has been around for 25 years, yet it has not innovated to protect against attacks that use unknown threat techniques. It continues to look for a known hash, and small changes to a file (which change its hash) can bypass it. Antivirus also overlooks the fact that attacks can be file-less, infecting memory and writing directly to RAM rather than to the file system.
In addition, antivirus is known for being unfriendly to users: it hogs bandwidth with updates and spikes CPU with resource-intensive scans. This not only leads to downtime, but often frustrates users into disabling the software or ignoring security warnings.
Sandboxing as a Defense?
Approximately 5 years ago, network-based sandboxes began entering the scene. They, in essence, “emulate” the execution of unknown files inside a virtual machine residing on the network and monitor the file’s behavior throughout its execution inside the “protected” environment. While these solutions have been able to increase detection rates of new threats, they are far from 100% effective.
Attackers quickly realized that, while their existing packing techniques could not bypass the sandbox, they only needed to detect it, which is easily done by noticing the limited emulation time, the lack of user interaction, and the use of a single specific OS image. Once the environment is identified, they ensure their malicious code will not run in the emulated environment, so it is flagged as benign and continues on to the end device, where it runs (and where the endpoint antivirus can do little to stop it).
With the new threat landscape, a new model that uses a different approach is needed.
Attack Vectors (grouped in the original diagram as Malware, Exploits, and Live/Insider Threats)
- Executables: malware, Trojans, worms, backdoors, payload-based
- Fileless: memory-only malware, no disk-based indicators
- Documents: exploits rooted in Office documents, Adobe documents and macros; spearphishing emails
- Browser: drive-by downloads, Flash, Java, JavaScript, VBS, iframe/HTML5, plug-ins
- Scripts: PowerShell, WMI, PowerSploit, VBS
- Credentials: credential scraping, Mimikatz, tokens
A New Approach to Endpoint Security
Next Generation Endpoint Protection
In the past couple of years, a new type of technology emerged, designed to detect and prevent threats at the endpoint using a unique behavior-based approach. Instead of looking for something known or a variant of it, as signature-based detection does, next-generation endpoint security looks at system behavior to identify suspicious activity. Endpoint detection and response (EDR) monitors for activity and enables administrators to take action on incidents to prevent them from spreading throughout the organization. Next-Generation Endpoint Protection (NGEP) goes a step further and takes automated actions to prevent and remediate attacks.
Until recently, administrators have been hesitant to use the protection capabilities because of the false positives associated with flagging unusual behavior that isn’t malicious. Skype, for example, defies many rules of a ‘normal’ application, jumping ports and protocols, yet it is a legitimate application often used for business. The NGEP must have the ability to learn the local systems and environment so it doesn’t flag benign behavior.
Next Generation Endpoint Protection as an Antivirus Replacement
If you’re evaluating next-generation endpoint security solutions, you may be thinking it is yet another tool to install, one that could bloat your endpoint (as well as your budget). And if you’re in a regulated industry, you may be required to keep your antivirus and install endpoint protection as an additional layer to protect against new and unknown attacks. Many next-generation endpoint security vendors do not actually claim that they can be an antivirus replacement. But if the next-generation vendor has been tested and certified as meeting antivirus requirements (and has passed the detection test), you can consider replacing your antivirus with next-generation endpoint security.
To completely replace the protection capabilities of existing legacy, static-based endpoint protection technologies, NGEP needs to be able to stand on its own to secure endpoints against both legacy and advanced threats throughout the various stages of the attack lifecycle.
Six Things Your NGEP Must Do
Your Next Generation Endpoint Protection (NGEP) solution needs to address six core pillars that, when taken together, can detect and prevent the most advanced attack methods at every stage of their lifecycle:
1. Known Attack Prevention. We explored above how looking only for known threats won’t protect against variants or unknown attacks, but coupling it with additional security layers can pre-emptively stop known threats before they execute on endpoints. However, instead of relying on a single vendor’s intelligence, make sure your NGEP uses a broad collection of reputation services to proactively block threats and bad sources. Be sure the NGEP vendor uses data from the cloud, indexing files for passive or selective scanning to keep it lightweight, instead of performing resource-intensive system scans.
2. Dynamic Exploit Detection. Hackers often use exploits to target code-level vulnerabilities so they can breach systems and execute malware. Drive-by downloads are a common vector for carrying out exploit attacks. NGEP should provide anti-exploit capabilities to protect against both application and memory-based attacks. This should be achieved by detecting the actual techniques used by exploits (for example heap spraying, stack pivots, ROP attacks and memory permission modifications), not by methods that depend on static measures such as shellcode scanning. This approach is much more reliable in detecting unknown attacks, since the exploitation techniques themselves are not as easy to change as the shellcode, encoder, dropper and payload components used in malware.
3. Advanced Malware Detection. Your NGEP must be able to detect and block unknown malware and targeted attacks, even those that do not exhibit any static indicators of compromise. This involves dynamic behavior analysis: real-time monitoring and analysis of application and process behavior based on low-level instrumentation of OS activities and operations, including memory, disk, registry, network and more. Since many attacks hook into system processes and benign applications to mask their activity, the ability to inspect execution and assemble its true execution context is key. This is most effective when performed on the device itself, regardless of whether it is online or offline (so that it protects even against USB-stick attacks).
4. Mitigation. Detecting threats is necessary, but with detection alone many attacks go unresolved for days, weeks, or months. Automated and timely mitigation must be an integral part of NGEP. Mitigation options should be policy-based and flexible enough to cover a wide range of use cases, such as quarantining a file, killing a specific process, disconnecting the infected machine from the network, or even completely shutting it down. Quick mitigation during the early stages of the attack lifecycle will minimize damage and speed remediation.
5. Remediation. During execution, malware often creates, modifies, or deletes system files and registry entries and changes configuration settings. These changes, or the remnants left behind, can cause system malfunction or instability. NGEP must be able to restore an endpoint to its pre-malware, trusted state, while logging what changed and what was successfully remediated.
6. Forensics. Since no security technology claims to be 100% effective, the ability to provide real-time endpoint forensics and visibility is a must. Clear and timely visibility into malicious activity throughout an organization lets you quickly assess the scope of an attack and respond appropriately. This requires a clear, real-time audit trail of what happened on an endpoint during an attack and the ability to search for indicators of compromise.
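As an added illustration of pillars 3, 4 and 5 (behavior-based detection, policy-based mitigation and remediation with an audit trail), the sketch below is example code written for this edit, not SentinelOne's product code. It scores each process on the techniques it exhibits, skips behaviors learned as normal for a given application (the Skype case above), escalates the response as the score crosses policy thresholds, and journals the file and registry changes to roll back. The event format, technique weights, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One low-level OS event as an endpoint sensor might report it (constructed format)."""
    pid: int
    process: str
    kind: str     # file_write | registry_set | net_connect | mem_rwx | proc_inject
    target: str   # path, registry key, remote address, memory region or victim process


# Assumed weights for behavioural techniques; a technique counts once per process
# so a chatty but benign process does not climb the score by repetition.
RULE_WEIGHTS = {
    "proc_inject": 40,        # writing into another process (hooking into benign apps)
    "mem_rwx": 30,            # RWX memory region, typical of in-memory/fileless staging
    "run_key_persist": 25,    # autorun persistence through a CurrentVersion\Run key
    "system_file_write": 20,  # tampering with files under System32
    "net_connect": 10,        # outbound connection: weak evidence on its own
}
QUARANTINE_THRESHOLD = 40   # policy tier 1: quarantine the binary
KILL_THRESHOLD = 70         # policy tier 2: kill the process and isolate the host


def classify(ev):
    """Map a raw event to the behavioural technique it represents, or None."""
    target = ev.target.lower()
    if ev.kind in ("proc_inject", "mem_rwx", "net_connect"):
        return ev.kind
    if ev.kind == "registry_set" and "\\currentversion\\run" in target:
        return "run_key_persist"
    if ev.kind == "file_write" and target.startswith("c:\\windows\\system32"):
        return "system_file_write"
    return None


class BehaviourMonitor:
    def __init__(self, baseline):
        # (process name, technique) pairs learned as normal for this environment,
        # e.g. Skype opening many connections; these never contribute to a score.
        self.baseline = set(baseline)
        self.techniques = defaultdict(set)   # pid -> techniques observed
        self.journal = defaultdict(list)     # pid -> persistent changes, for rollback

    def observe(self, ev):
        """Record one event and return the policy action for that process."""
        if ev.kind in ("file_write", "registry_set"):
            self.journal[ev.pid].append((ev.kind, ev.target))
        technique = classify(ev)
        if technique and (ev.process, technique) not in self.baseline:
            self.techniques[ev.pid].add(technique)
        return self.decide(ev.pid)

    def score(self, pid):
        return sum(RULE_WEIGHTS[t] for t in self.techniques[pid])

    def decide(self, pid):
        score = self.score(pid)
        if score >= KILL_THRESHOLD:
            return "kill_and_isolate"
        if score >= QUARANTINE_THRESHOLD:
            return "quarantine"
        return "allow"

    def remediation_plan(self, pid):
        """Changes to revert, newest first; this list doubles as the audit log."""
        return list(reversed(self.journal[pid]))


# Constructed sample stream: a benign Skype session and a malicious "invoice viewer".
BASELINE = {("skype.exe", "net_connect"), ("svchost.exe", "system_file_write")}
SAMPLE_EVENTS = [
    Event(100, "skype.exe", "net_connect", "203.0.113.10:443"),
    Event(100, "skype.exe", "net_connect", "203.0.113.11:443"),
    Event(200, "invoice_viewer.exe", "file_write",
          "C:\\Users\\alice\\AppData\\Roaming\\upd.dll"),
    Event(200, "invoice_viewer.exe", "registry_set",
          "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"),
    Event(200, "invoice_viewer.exe", "mem_rwx", "0x7ff6a0000000-0x7ff6a0010000"),
    Event(200, "invoice_viewer.exe", "proc_inject", "explorer.exe"),
    Event(200, "invoice_viewer.exe", "net_connect", "198.51.100.7:8443"),
]


def run(events=SAMPLE_EVENTS, baseline=BASELINE):
    """Feed events through the monitor; returns the monitor and the per-event actions."""
    monitor = BehaviourMonitor(baseline)
    actions = [monitor.observe(ev) for ev in events]
    return monitor, actions


if __name__ == "__main__":
    monitor, actions = run()
    for ev, action in zip(SAMPLE_EVENTS, actions):
        print(f"pid={ev.pid} {ev.process:<18} {ev.kind:<13} -> {action}")
    print("rollback for pid 200:", monitor.remediation_plan(200))
```

The Skype connections never raise a score because the (process, technique) pair is in the learned baseline, while the unknown viewer crosses the quarantine tier on its third technique and the kill-and-isolate tier once it injects into another process.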
Evaluating Next Generation Endpoint Protection Vendors
Evaluation Questions
Now that you know what to look for in a next-generation endpoint protection solution, you’ll need to start evaluating the vendors on your shortlist. Request an evaluation from the vendor, and make sure it is full production software so that you can see how it will actually perform in your environment and against the security tests you’ve outlined. For your evaluation, take the following considerations into account:
1. For endpoints (including mobile devices, if supported), which operating systems and major operating system versions are supported? For each of these, what are the performance requirements (CPU, memory, storage)?
2. By what technical methods does the product detect attacks from each vector, including malware, exploits, and live/insider threats?
3. How frequently are updates made available? Are updates pushed or pulled to the endpoint? Do the updates require any user intervention (e.g. a reboot)?
4. Can the product prevent threats if the endpoint is offline from the network?
5. How scalable is the product? How many clients can be supported by each management console?
6. Is the management server cloud-based or on-premises?
7. What is done to prevent false positives and learn benign system behavior? What is the current false positive rate?
8. Does the product integrate with SIEM systems for incident management?
9. Are there prevention policies to protect against threats in real time?
10. What levels of contracted support does the endpoint protection vendor provide? Are software updates and upgrades part of the licensing fee?
Licensing and Pricing
Typically, endpoint protection products are purchased as licenses per user or per endpoint, often in 1-year, 2-year or 3-year terms. Vendors typically offer volume discounts for larger environments. License costs vary, but are usually $30 to $70 per endpoint license per year, depending on the vendor and the number of licenses purchased. The cost can be deceptive, as some endpoint protection products may provide narrow functionality that requires additional products to be installed. Weigh the cost in terms of functionality and how many products you have to install for total endpoint security. For example, do you have to purchase separate products for any of the categories below, or is all of it included in the next-generation endpoint protection platform? Evaluate the true cost before making a decision.
Product                                 Price
AntiVirus                               $25
Host-Based IPS (HIPS)                   $29
Endpoint Forensics/EDR                  $30
Application Whitelisting                $55
Anti-Exploit / ATP                      $24
Endpoint Search                         $30
Total (separate products)               $193
Next-Generation Endpoint Protection     $65
Why SentinelOne?
A Brief History
SentinelOne was formed by an elite team of cyber security engineers and defense experts who joined forces to reinvent endpoint protection. With decades of collective experience, SentinelOne’s founders honed their expertise while working for Intel, McAfee, Checkpoint, IBM, and elite units in the Israel Defense Forces. They came together in 2013 to build a new security architecture that could defeat today’s advanced threats from organized crime and nation-state malware.
SentinelOne Endpoint Protection Platform
SentinelOne’s Endpoint Protection Platform is an all-in-one endpoint security solution that provides protection against known and unknown attacks by identifying and mitigating malicious behaviors at machine speed. It closely monitors every process and thread on the system, down to the kernel level. A view of system-wide operations (system calls, network functions, I/O, registry, and more), together with historical information, provides the full context needed to distinguish benign from malicious behavior. Once a malicious pattern is identified and scored, it triggers an immediate set of responses, ending the attack before it begins.
Responses include:
- Mitigation: easy-to-configure policies that kill the process, quarantine or delete malicious binaries and all associated remnants, and remove the endpoint from the network.
- Immunization: as soon as an attack is prevented, details are immediately shared with other endpoints within the network, immunizing systems that might be part of a coordinated attack.
- Remediation: automatically restore deleted or modified files to their pre-attack state.
- Forensics: a 360-degree view of the attack including file information, path, machine name, IP, domain, and more (available within SentinelOne or through your SIEM).
In addition, SentinelOne EPP is a single, lightweight solution that uses an average of 1-2% CPU, so endpoints are able to do what they’re supposed to do: be a laptop, desktop, mobile device, or server. Because it focuses on what is right for each system, no signature updates or active scans are needed, and endpoints are always protected, whether on or off the network. SentinelOne EPP is supported on major mobile, desktop/laptop, and server operating systems.
AV-Test Certification
AV-TEST, a leading independent anti-virus research institute, has awarded SentinelOne EPP the Approved Corporate Endpoint Protection certification for both Windows and OS X, which validates its effectiveness at both detecting advanced malware and blocking known threats. This validation enables enterprises to replace their existing corporate antivirus suites with SentinelOne EPP and still meet compliance requirements such as PCI DSS. SentinelOne is the only next-generation endpoint protection vendor to obtain this certification on both platforms.
For more information on SentinelOne, please visit www.sentinelone.com.
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
