The Singularity App for Azure Active Directory (Azure AD) enables organizations using SentinelOne to automatically alert Azure AD when an endpoint is at risk, triggering conditional access policies to protect corporate resources and enabling organizations to enforce the principles of zero trust. A zero trust architecture powered by SentinelOne creates a dynamic framework to secure the digital enterprise.
“Global cyberattacks like Kaseya or SUNBURST are a constant reminder of the importance of modernizing legacy security architectures,” said Sue Bohn, Vice President of Program Management, Microsoft. “The integration between SentinelOne and Azure Active Directory will allow organizations to combine leading endpoint and identity solutions to embrace a Zero Trust security model.”
“Open ecosystems are critical to a Zero Trust strategy as organizations look to use best-of-breed solutions,” said Raj Rajamani, Chief Product Officer, SentinelOne. “Bringing together leading endpoint and identity solutions will go a long way towards helping mutual customers develop and mature their Zero Trust programs. In partnering with Microsoft, we offer mutual customers differentiated security solutions to help defend the enterprise.”
As ransomware, supply-chain-based attacks, and credential attacks become increasingly popular amongst cybercriminals, endpoints and identities are two of the most commonly exploited attack vectors for gaining access to an organization’s data. Organizations attempt to mitigate this risk by moving from a legacy network-based defense model to a zero trust security model, specifically by connecting their endpoint security and identity solutions to gain visibility of at-risk users.
However, this generally requires that the organization do the complex setup and maintenance on their own, and there are only limited automation opportunities for automatic remediation. With the Singularity App for Azure Active Directory, organizations can utilize a modern security platform that maximizes their existing investments, allowing them to continuously reestablish trust with assets and provide explicit just-in-time access via a fully managed, automated solution.
When a user opens a malicious file on an endpoint, SentinelOne detects the incident and uses the Azure AD Risky User API to automatically mark the user’s identity with a confirmed compromised risk state and high risk level. When a user identity is changed to this state, an organization’s Azure AD Conditional Access policy can initiate a number of responses including limiting access, blocking access or triggering a Multi-Factor Authentication (MFA) prompt. When the incident is resolved in SentinelOne, the user is moved out of the risky user state and returns to their normal identity state.
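The flow described above, sketched as an added example (not SentinelOne's or Microsoft's code): endpoint incident events are mapped to Microsoft Graph riskyUsers requests, and a user's risk is cleared only once every open incident for that user is resolved. The event field names, the `RiskSync` class and the use of the `dismiss` action for the "resolved" step are assumptions; requests are built but not sent.

```python
import json

GRAPH = "https://graph.microsoft.com/v1.0/identityProtection/riskyUsers"

class RiskSync:
    """Tracks open endpoint incidents per user and emits Graph requests."""
    def __init__(self):
        self.open_incidents = {}  # Azure AD user object id -> open incident ids

    def _request(self, action, user_id):
        # Request description only; sending it requires a Graph token with
        # IdentityRiskyUser.ReadWrite.All. Nothing is sent here (runs offline).
        return {"method": "POST", "url": f"{GRAPH}/{action}",
                "body": json.dumps({"userIds": [user_id]})}

    def handle(self, event):
        """Return a Graph request dict, or None when no state change is due."""
        user, incident = event["user_id"], event["incident_id"]
        incidents = self.open_incidents.setdefault(user, set())
        if event["status"] == "detected":
            first = not incidents
            incidents.add(incident)
            # Only the first open incident needs to flip the risk state.
            return self._request("confirmCompromised", user) if first else None
        if event["status"] == "resolved":
            if incident not in incidents:
                return None  # unknown or duplicate resolution: ignore
            incidents.discard(incident)
            # Clear risk only when nothing else is still open for this user.
            return self._request("dismiss", user) if not incidents else None
        raise ValueError(f"unknown status: {event['status']}")

# Constructed sample events (hypothetical schema, not real telemetry).
U = "00000000-0000-0000-0000-000000000001"
EVENTS = [
    {"user_id": U, "incident_id": "inc-1", "status": "detected"},
    {"user_id": U, "incident_id": "inc-2", "status": "detected"},
    {"user_id": U, "incident_id": "inc-1", "status": "resolved"},
    {"user_id": U, "incident_id": "inc-2", "status": "resolved"},
]

def replay(events):
    """Run events through a fresh RiskSync and collect the emitted requests."""
    sync = RiskSync()
    return [sync.handle(e) for e in events]
```

Replaying the sample yields one `confirmCompromised` request, two no-ops, and a final `dismiss`, which shows why resolving a single incident should not restore access while another is still open.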
With SentinelOne on the endpoint and directly integrated with Azure AD, joint customers have a mechanism for continually, automatically verifying trust with every single user identity or endpoint.
Furthermore, information on any impacted user identity is shared with Azure AD in real-time, triggering the organization’s Conditional Access policy and subsequently preventing access to corporate resources and services.
The Singularity App for Azure Active Directory is available on the Singularity Marketplace.