SentinelOne, the autonomous cybersecurity platform company, announced the general availability of its next-generation container and cloud-native workload protection (CWPP) offering. The solution is the first to offer fully featured autonomous Runtime Protection, Detection, and Response for cloud workloads.
Purpose built for containers, SentinelOne’s CWPP offering provides the richest set of capabilities on the market, including advanced runtime protection, full remote shell to any pod, container kill, and full remediation to empower security and DevOps teams – all seamlessly within SentinelOne’s Singularity platform.
With this release, SentinelOne extends its XDR platform to introduce full visibility, detection, response and threat hunting for containerized workloads, using the same console that is used for endpoints and IoT devices.
Deployed seamlessly through popular DevOps tools such as Helm, the solution delivers SentinelOne’s patented Behavioral AI, Static AI, and autonomous response capabilities across all major Linux platforms, physical and virtual, cloud-native workloads, and containers – providing prevention, detection, response, and threat hunting for tomorrow’s cyber threats.
“As organizations embrace the operational efficiency of Kubernetes, they need a security solution that protects their containerized applications from unknown malware, zero days and in-memory attacks in real time, while automatically pinpointing which image and pod was the target,” said Guy Gertner, VP of Product Management, SentinelOne.
“Furthermore, enterprises need an easy-to-deploy solution that won’t slow or interfere with business processes. We’re proud that our container protection solution, powered by our unmatched behavioral AI models, meets this critical and growing business imperative.”
Fully-featured prevention, detection, and response
SentinelOne’s ActiveEDR allows security teams to quickly understand the story and root cause behind threat actors in containerized environments and autonomously respond. SentinelOne uses Static AI and Behavioral AI models that provide runtime security without requiring baselining, protecting organizations from both known vulnerabilities and zero-days.
Full Remote Shell to pods and containers
Full Remote Shell capabilities arm security teams with a rapid way to investigate threats, collect forensic data, and remediate breaches no matter where the compromised containers are, eliminating uncertainty and greatly reducing any downtime that results from an attack.
Complete container telemetry for XDR
SentinelOne is the only vendor to extract complete container attributes for granular awareness and rapid response. Container details include cluster name, node name, deployment type, pod name, container image name, and container ID for unprecedented visibility and aggregated Singularity XDR context. These attributes are all additive to SentinelOne’s existing EDR data categories.
“SentinelOne’s Behavioral AI technology has significantly improved how our customers are able to protect their endpoints. With this new release, they are bringing the Behavioral AI technology to containerized workloads,” said Dan Thormodsgaard, CTO and Co-Founder, Fishtech Group.
“Run-time protection of workloads is very important as not all app-level vulnerabilities might be fixed in production systems. SentinelOne’s approach to this problem is unique and very consistent with how they protect laptops, servers, and virtualized workloads. The autonomous prevention and remediation provides huge value to our customers.”
SentinelOne’s container and cloud-native workload protection can be deployed either in cloud service provider managed Kubernetes clusters or on self-managed clusters. SentinelOne is demonstrating the solution at RSA Conference 2020.