SentinelOne releases full remote shell capabilities for remote endpoint attack query and response
SentinelOne, the autonomous endpoint protection company, released full remote shell capabilities, providing security and IT operations teams unparalleled technology in identifying, assessing and remediating endpoint attacks across the enterprise, regardless of the comprised endpoint’s location.
SentinelOne’s new remote shell capabilities allow authorized administrators to access managed endpoints directly from the SentinelOne console UI and establish a full remote shell session to investigate attacks, understand attack context and remediate breaches by troubleshooting end user issues, all in real-time.
“In today’s ever-evolving threat landscape, it’s of great importance for security teams and system administrators to be able to enact active EDR capabilities that go beyond threat hunting,” said Jared Phipps, Vice President Worldwide Sales Engineering, SentinelOne. “While some products go part of the way in providing the necessary tools from a remote location, they fall short in critical areas. With SentinelOne’s Full Remote Shell capabilities, our agent’s autonomous EDR functionality is enhanced, greatly reducing downtime and impact resulting from an attack.”
Remote shell capabilities in competing products provide users with a limited amount of commands that can be executed, causing system administrators to place feature requests and endure lengthy procedural processes for additional command needs after a threat has been identified. By providing full, native shell capabilities, SentinelOne is greatly alleviating the prior constraints of remote endpoint management while increasing operational productivity and cost savings.
Full Remote Shell use cases
- Faster troubleshooting made possible by admins not having to be in physical contact with an endpoint device to solve problems;
- Increased support for remote users by removing the need for visits to IT departments;
- The ability to easily change local configuration without leaving the premises;
- Eliminating the need for memory dump and other advanced tools in deep forensic investigation;
- Terminating undesired applications or processes running on endpoint devices; and
- Initiating remote controls in a secure manner.
In order to ensure optimal security posture is present along with usability throughout the remote shell process, SentinelOne has implemented stringent procedure. These steps include the requirement of remote shell access being specifically enabled from the policy, requiring administrators to choose a dedicated password to encrypt each and every session, making administrators enable two factor authentication prior to allowing access and detailed auditing of the entirety of Full Remote Shell use.
“SentinelOne’s full eemote shell is a best-in-breed EDR feature that has greatly benefited our efforts in more effectively performing incident response activities,” said Jim Jaeger, President and Cyber Practice Lead at Arete Advisors. “As the sophistication of malicious activity continues to evolve at a rapid pace, SentinelOne provides us the industry’s most advanced technology in taking necessary action in mitigating risk.”