SentinelOne Endpoint Protection Platform
Strengths: Rollback feature really sets this product apart from the competition; lots of Linux support.
Weaknesses: Remediation features are limited, price is middle of the road.
Verdict: Good solution with some unique features. If Linux is in your environment, this tool deserves a serious look.
SentinelOne Endpoint Protection Platform (EPP) is a Next-Gen antivirus solution with a wide selection of supported operating systems, including extensive Linux support. While most Next-Gen solutions are moving to cloud-only management, SentinelOne offers both on-premises and cloud management, a welcome option that covers a wider range of deployment requirements.
SentinelOne EPP has an easy-to-use management console that is full of data about detected threats. The information is readily accessible and lets security professionals quickly drill down and identify the threat that has been detected. Data can be viewed in multiple ways across the various sections of the solution. One nice feature is the ability to export reports as CSV or JSON files for import into other reporting tool sets.
SentinelOne EPP is powered by machine learning and can detect and stop threats in a short amount of time. It can also help prevent zero-day attacks through static file analysis, which catches variants of known malware that have been altered by a few bytes to defeat signature or hash matching. Customizable policies let you apply different levels of protection across your environment to match your security posture. With the ability to whitelist and blacklist hashes, you can control which applications run on your systems.
SentinelOne EPP's rollback tool is especially fluid. It leverages the Windows Volume Shadow Copy Service (VSS) to let the SentinelOne agent "roll back" a system to a point before the attack, restoring encrypted files to their unencrypted state. The function is a few clicks away from the threat investigation view and takes only a few minutes to revert the system. It does depend on VSS remaining enabled, with shadow copies present and intact, on the endpoints you expect to recover. We would like to see some real-time remediation paired with the solution.
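Because the rollback depends on VSS, it is worth verifying the prerequisites on endpoints before you need them. The following PowerShell function is an added example written for this review, not SentinelOne's own tooling; it assumes an elevated PowerShell 5.1 or later session (Win32_ShadowCopy requires administrative rights) and uses an assumed 24-hour freshness threshold for the newest shadow copy.

```powershell
# Added example, not SentinelOne's own code: report whether a Windows endpoint
# still meets the VSS prerequisites that a VSS-based rollback depends on.
# Assumes an elevated PowerShell 5.1+ session; the 24-hour threshold is an
# assumption, not a vendor requirement.

function Test-VssRollbackPrereqs {
    [CmdletBinding()]
    param(
        # Oldest acceptable age of the newest shadow copy, in hours (assumed threshold).
        [int]$MaxSnapshotAgeHours = 24
    )

    # 1. The Volume Shadow Copy service must not be disabled; if it is,
    #    no restore points can be created or restored from.
    $svc = Get-Service -Name VSS -ErrorAction Stop
    $serviceOk = $svc.StartType -ne 'Disabled'

    # 2. Shadow storage must be allocated on at least one volume.
    $storage = @(Get-CimInstance -ClassName Win32_ShadowStorage -ErrorAction SilentlyContinue)
    $storageOk = $storage.Count -gt 0

    # 3. At least one shadow copy must exist and be reasonably fresh. An
    #    empty shadow-copy set leaves nothing to roll back to, and many
    #    ransomware families delete shadow copies before encrypting.
    $copies = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
    $newest = $copies | Sort-Object -Property InstallDate -Descending | Select-Object -First 1
    $newestDate = if ($null -ne $newest) { $newest.InstallDate } else { $null }
    $copyOk = ($null -ne $newestDate) -and
              ($newestDate -gt (Get-Date).AddHours(-$MaxSnapshotAgeHours))

    $maxSpaceBytes = ($storage | Measure-Object -Property MaxSpace -Sum).Sum

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        VssService       = "$($svc.Status)/$($svc.StartType)"
        ShadowStorageGB  = [math]::Round($maxSpaceBytes / 1GB, 2)
        ShadowCopyCount  = $copies.Count
        NewestShadowCopy = $newestDate
        RollbackReady    = $serviceOk -and $storageOk -and $copyOk
    }
}

# Run on the local machine; pipe through Invoke-Command to check a fleet.
Test-VssRollbackPrereqs | Format-List
```

A RollbackReady value of False on a machine that has not yet been attacked is the finding to act on: it means a rollback attempted later would have no restore point to use, regardless of how the agent is configured.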
One item that really stood out to the SC Labs team was the large number of supported Linux distributions. SentinelOne supports all common enterprise distributions as well as cloud variants such as Amazon Linux. As a former Linux administrator, I was glad to see native support for these systems. If Linux is in your environment, this is a tool you must take a long, hard look at.
SentinelOne offers a few support plans with its product for an additional cost; these cover 8x5 and 24x7 email and phone support. It also has a helpful support portal on its site, with a full knowledge base and FAQ section. The base price does not include phone or email support.
If malware is a concern for you, SentinelOne delivers. It offers a complete solution, easy-to-follow documentation, and a large number of supported operating systems. If you have a diverse computing environment, this solution is for you.
- Michael Diehl
Tested by: Michael Diehl