SentinelOne EPP, a next-generation endpoint software, uses single agent technology and AI for autonomous detection and response without the need for human intervention. This platform offers the right technology at the right time before, during, and after execution, delivering actionable context that security teams and CISOs alike will understand.

The policies are simple to configure, and because the machine so accurately gauges the maliciousness of suspicious files and processes, analysts can confidently adjust their system automation levels according to its assessments. Some security teams prefer limited automation, whereas others want no-touch remediation. The platform has flexible automation policies that are tailored to the preferences of any organization.

Machine learning-based behavioral detection drives ActiveEDR, a feature that continuously monitors and maps anomalous behavior during process execution. The agent builds a storyline and a True Context ID for every process running on an endpoint. Powered by machine learning, the data lake uncovers and correlates anomalies across every part of the network, hunting for risks hidden within parent processes across the enterprise. It then relinks all secondary procedural calls and child processes back to the initial process's story. This relinking tracks events across complicated operating-system flows to provide crucial context and a rich picture of each process incident.
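The relinking described above, reduced to its core idea, as an added illustration that is not SentinelOne's code: every process in a set of constructed process-creation events is walked back to the root of its lineage, and the story's verdict is the worst indicator seen anywhere in that lineage. Event fields, indicator names and the scoring scale are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample process-creation events (not data from the product):
# each is (pid, ppid, image, indicator). Indicator levels loosely mirror
# the review's range from "abnormal" to "malicious"; names are assumed.
EVENTS = [
    (100, 1,   "explorer.exe",   None),
    (200, 100, "winword.exe",    None),
    (210, 200, "cmd.exe",        "abnormal"),   # Office spawning a shell
    (220, 210, "powershell.exe", "abnormal"),
    (230, 220, "dropper.tmp",    "malicious"),
    (300, 1,   "svchost.exe",    None),
    (310, 300, "wuauclt.exe",    None),
]

SEVERITY = {None: 0, "abnormal": 1, "malicious": 2}
VERDICT = {0: "benign", 1: "abnormal", 2: "malicious"}


def build_storylines(events):
    """Relink every child process back to the root of its lineage.
    Returns {root_pid: sorted list of pids belonging to that storyline}."""
    parent = {pid: ppid for pid, ppid, _, _ in events}
    known = set(parent)

    def root_of(pid):
        # Walk upward until the parent falls outside the observed events.
        while parent.get(pid) in known:
            pid = parent[pid]
        return pid

    stories = defaultdict(list)
    for pid, _, _, _ in events:
        stories[root_of(pid)].append(pid)
    return {root: sorted(pids) for root, pids in stories.items()}


def score_storyline(events, pids):
    """A story inherits the worst indicator in its lineage, so a malicious
    grandchild taints the story of the initial (root) process."""
    indicator = {pid: ind for pid, _, _, ind in events}
    return VERDICT[max(SEVERITY[indicator[p]] for p in pids)]


def story_verdicts(events=EVENTS):
    """Map each root pid to the verdict for its whole storyline."""
    return {root: score_storyline(events, pids)
            for root, pids in build_storylines(events).items()}


if __name__ == "__main__":
    for root, verdict in story_verdicts().items():
        print(root, verdict)
```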

As stories evolve, the machine learning agent continuously reassesses and scores any change in threat status. Once it detects malicious activity within a story, the agent acts on it, performing automated remediation and response on all malicious processes and rolling back any changes the attack has made. The platform's automation is not a black box. Since analysts often want to know why something was judged malicious, the machine learning module assigns every determination a threat indicator, ranging from an abnormal indication to a true-positive malicious identification.

Widgets form the foundation of the clean interface, and analysts may customize it to ensure that they always receive the most relevant and actionable at-a-glance information. The dashboards even support multi-tenancy with a global view that can display an unlimited number of accounts, sites, and groups, each serving as an additional security boundary. Users may choose from several reports within the interface that either run manually as one-time reports or that reoccur automatically as scheduled.

Overall, security pros will find SentinelOne EPP a solid, easy-to-use product that covers the spectrum of endpoint security expectations. The True Context ID offers such valuable information in event storylines and one-click root cause analyses that analysts can quickly declare an event a threat and trigger auto remediation. Organizations in the MSSP market or large companies frequently involved in mergers and acquisitions will find this product ideal.

Pricing starts at $50 per endpoint, per year and includes 8/5 phone, email, and website support. Additional support options are available for a fee. Organizations have access to a knowledgebase, a FAQ list, and full API documentation. The installation and supplemental documentation are mostly straightforward. We notice that the installation documents reference an older version of the agent and suggest correcting this to avoid any confusion.

Written by Katelyn Dunn

Tested by Tom Weil