SentinelOne: against cyberthreats man is not enough, AI is needed

The specialist leverages the Singularity Xdr platform to offer protection that takes into account today's attack surfaces and can detect attacks early. Its presence in Italy is being consolidated. Posted on 08 July 2022 by Roberto Bonino

2021 had already been a record year in terms of cyberattacks, but 2022 is likely to surpass it. There are many targets, from workstations to identities, from e-mail to the network: "Hybrid work models, which have become the norm in companies, have only exacerbated the phenomenon of shifting attention from the endpoint to the exposed surface", explains Marco Rottigni, technical director of SentinelOne. "In addition to the developments towards mobility and digital transformation, there has been a drastic turn towards the cloud. This extends the reach for attackers and the perimeter of control for security experts." To counter the dynamic threat landscape, it is now essential not only to have an arsenal of high-performance tools, but also to ensure that they are interoperable so that an attack can be blocked at every level. Ensuring that security products integrate with each other simply, regardless of the supplier, has therefore become essential to achieve efficiency and performance in terms of security. For this reason, the Xdr (eXtended Detection and Response) logic is becoming increasingly popular: "Man is now too slow to be able to effectively counter threats. Technology must be increasingly autonomous to increase the speed of countermeasures and prevention", is Rottigni's blunt judgment.

Marco Rottigni, technical director of SentinelOne Italia

To automatically detect and respond to malicious activity, SentinelOne has developed an AI-powered platform. Called Singularity Xdr, it is based on an approach that centralizes the events reported by all the security solutions present in order to automate and accelerate the detection, analysis and response to threats, all of which are impossible to implement when the platforms do not communicate with each other. In addition, the technology is able to make decisions autonomously, whether in on-premises or cloud environments: "Agents are installed on the devices that allow you to build stories about each process or event, then organized with our Storyline technology and integrated with artificial intelligence to correlate behaviors and data derived also from institutions such as Mitre and WatchTower, and then enable autonomous responses at machine speed. The environmental data then goes to the data lake in the cloud, to give SecOps evidence of what happened and activate investigations", explains Rottigni. Another strong point of SentinelOne appears to be its openness to integration with technologies of other players. On the one hand, through the Open Xdr Marketplace, it is possible to integrate Mandiant's threat intelligence, Okta's radius analysis technology, or act with revocation of access and quarantines with Zscaler, to give some examples. On the other hand, there is also the possibility of combining Xdr Analytics technology with tools such as ServiceNow, Splunk or Microsoft. The concepts advocated by the vendor are taking hold, albeit slowly. The main competitor, Crowdstrike, appears today more rooted, but the Italian branch has grown in just two years from 2 to 13 people on staff, in Europe the threshold of 300 employees has been exceeded (1,500 in total) and a research & development center has recently been inaugurated in Bangalore.
