SentinelOne’s ActiveEDR enhances autonomous threat hunting
SentinelOne, the autonomous endpoint protection company, announced at RSA Conference the next step in endpoint security evolution — ActiveEDR — which is delivered via SentinelOne’s single agent, single codebase, single console architecture.
Going beyond traditional antivirus and EDR solutions, ActiveEDR, powered by SentinelOne’s proprietary TrueContext technology, allows security teams to quickly understand the story and root cause behind threat actors and autonomously respond, without any reliance on cloud resources.
Security teams are challenged with monitoring and protecting every edge of their network, from the endpoint to the cloud. While most EDR solutions passively allow operators to find what’s malicious, many don’t provide the context to understand what was found, or better yet, locate the source and autonomously block attacks.
With ActiveEDR, everyone from advanced SOC analysts to novice security teams can automatically remediate threats and defend against advanced attacks. This technology empowers security teams to focus on the alerts that matter and to use technology for work that was previously limited to manual, human-driven tasks.
SentinelOne’s TrueContext takes into account advanced context evasion techniques that normally bypass or confuse passive EDR solutions, providing security teams with situational awareness and actionable context faster than any other solution on the market. The technology allows analysts and responders to fully and automatically remediate threats leveraging SentinelOne’s automated response capabilities.
ActiveEDR reduces the cost and time required to extract value from the complicated and overwhelming amount of data produced by passive EDR tools. The autonomous, AI-powered agent functions like a SOC analyst on each and every endpoint, transforming massive amounts of data into TrueContext stories and raising high-quality, prioritized alerts when threat behavior is observed.
At machine speed, ActiveEDR, leveraging TrueContext, is able to prevent, detect, and respond to advanced attacks regardless of delivery vectors, whether the endpoint is connected to the cloud or not.