
1. The Initial Situation

Endpoint Security in Transition

IT specialists have been dealing with endpoint security for decades.
Normally, the signature of a new malicious code is recognized by most antivirus programs: the respective manufacturers implement corresponding rules to protect customers from malware. In this scenario, however, the IT teams are permanently in the role of the hunted. They have to recognize the attackers' new methods in order to protect themselves against them – around the clock.

Anomaly Detection Using AI and Machine Learning (ML)

Rules and signatures are important and protect against known attacks.
But what about the malicious programs that nobody knows yet – so-called zero-days*?
In addition to the stored rules and signatures, modern endpoint security tools can also “learn” the behavior of every device and user and react to anomalies. Tools that apply this behavior-based AI in real time are called EDR/XDR (Endpoint Detection and Response / Extended Detection and Response).

*Definition: Zero-Day Exploit (Definition According to BSI)

The exploitation of a vulnerability that is only known to the discoverer is characterized by the term zero-day exploit. The public and, in particular, the manufacturer of the product concerned, usually only become aware of the vulnerability when attacks are discovered that are based on this vulnerability. The term zero-day is derived from the fact that a corresponding exploit already existed before the first day the manufacturer became aware of the vulnerability – i.e. on a fictitious “day zero”. The manufacturer therefore has no time to protect users from the first attacks.
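To make the two detection layers above concrete, here is an added example (not code from NetDescribe or SentinelOne) that triages constructed process-creation events the way an EDR pipeline does: layer one matches known signatures (a placeholder hash table, not real indicators), layer two compares each event against a learned per-host/per-user baseline of parent-to-child process pairs and flags what it has never seen, and each verdict is mapped to an automated response. The event format, the hash table, and the response playbook are all assumptions made for this illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record, as an EDR agent would report it (constructed format)."""
    host: str
    user: str
    parent: str    # image name of the parent process
    image: str     # image name of the newly created process
    sha256: str    # hash of the executable on disk


# Layer 1: signature table. Placeholder hash only, not a real indicator of compromise.
KNOWN_BAD_HASHES = {
    "00" * 32: "Placeholder.Malware.A",
}

# Automated response playbook (assumed mapping, modelled on the managed-service requirement).
RESPONSE = {
    "signature": "quarantine file, kill process",
    "anomaly": "isolate host, open analyst case",
    "benign": "none",
}


def signature_check(ev: ProcessEvent):
    """Layer 1: exact match against known-bad hashes; catches only known malware."""
    return KNOWN_BAD_HASHES.get(ev.sha256)


class BehaviorBaseline:
    """Layer 2: per host/user set of parent->child process pairs observed while learning."""

    def __init__(self):
        self.pairs = defaultdict(set)

    def learn(self, events):
        for ev in events:
            self.pairs[(ev.host, ev.user)].add((ev.parent, ev.image))

    def is_anomalous(self, ev: ProcessEvent) -> bool:
        # Anything not seen during the learning phase for this host/user is an anomaly.
        return (ev.parent, ev.image) not in self.pairs[(ev.host, ev.user)]


def triage(ev: ProcessEvent, baseline: BehaviorBaseline):
    """Return (verdict, reason, response); signatures win, then the behavioral check."""
    name = signature_check(ev)
    if name:
        return ("signature", f"hash matches {name}", RESPONSE["signature"])
    if baseline.is_anomalous(ev):
        reason = f"{ev.parent} -> {ev.image} never seen for {ev.user}@{ev.host}"
        return ("anomaly", reason, RESPONSE["anomaly"])
    return ("benign", "matches learned behavior", RESPONSE["benign"])


# Constructed learning phase: normal office activity for one user on one workstation.
BASELINE_EVENTS = [
    ProcessEvent("WS01", "alice", "explorer.exe", "outlook.exe", "aa" * 32),
    ProcessEvent("WS01", "alice", "explorer.exe", "winword.exe", "bb" * 32),
    ProcessEvent("WS01", "alice", "outlook.exe", "winword.exe", "bb" * 32),
]

# Constructed new events: known malware, an unknown binary started from Word, and normal use.
NEW_EVENTS = [
    ProcessEvent("WS01", "alice", "explorer.exe", "invoice.exe", "00" * 32),
    ProcessEvent("WS01", "alice", "winword.exe", "powershell.exe", "cc" * 32),
    ProcessEvent("WS01", "alice", "explorer.exe", "outlook.exe", "aa" * 32),
]


def build_baseline() -> BehaviorBaseline:
    baseline = BehaviorBaseline()
    baseline.learn(BASELINE_EVENTS)
    return baseline


def run_demo():
    """Triage every new event; the second one has no signature and is caught only by layer 2."""
    baseline = build_baseline()
    return [(ev.image, *triage(ev, baseline)) for ev in NEW_EVENTS]


if __name__ == "__main__":
    for image, verdict, reason, response in run_demo():
        print(f"{image:16} {verdict:10} {reason:60} -> {response}")
```

The second event is the zero-day case from the text: its hash appears in no signature table, so only the learned baseline flags it, and the playbook hands it to an analyst rather than deciding alone. A production baseline would be built over a much longer observation window and combined with fleet-wide rarity, so that a single unusual-but-legitimate pairing does not isolate a host.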

Use Case: Endpoint Detection & Response with SentinelOne.
© NetDescribe

2. The Use Case

The Requirement for NetDescribe

Our customer from the automotive supplier industry required NetDescribe to replace a legacy antivirus program and ensure 24/7 monitoring.
The requirements for the new system were as follows:

  • State-of-the-art solution
  • Detection of rules and signatures
  • Monitoring of behavior-based anomalies
  • Managed service with automated response measures to filter and reduce alarms for the customer

The Performance Solution from NetDescribe – SentinelOne

After an analysis of the current situation and an assessment of the desired requirements, the decision was made together with the customer to use SentinelOne.
This technology enables security teams not only to concentrate on the most important alerts, but also uses behavior-based AI to take over tasks that previously could only be performed by humans. All activities on a device are tracked and contextualized, and malicious actions are identified in real time. Required reactions take place automatically.

What is SentinelOne?

SentinelOne is an AI-powered Endpoint Detection and Response (EDR) solution that enables unified analysis of data from various endpoints such as Macs, PCs, Linux systems, IoT devices, and cloud workloads.
SentinelOne is designed for security threat detection, vulnerability management, and endpoint protection.
In today’s globally tense cyber threat situation, a reliable security concept is essential for companies of all sizes. Since attackers can access data on servers, in the cloud, or on employee endpoints, companies need networked systems for reliable protection.
By integrating all components, SentinelOne offers a comprehensive view of the processes in every IT infrastructure. It collects, normalizes, and correlates data from user devices, networks, cloud workloads, and firewalls to enable automated responses and provide IT and security teams with a comprehensive overview.

Advantages of SentinelOne as an Endpoint Detection and Response (EDR) System:

  • Threat detection: SentinelOne enables early detection of security threats by monitoring network, user and endpoint activities in real time.
  • Responsiveness: SentinelOne can react quickly and automatically to security threats by isolating threats, cleaning up systems or deactivating user accounts.
  • Advanced analysis functions: SentinelOne offers advanced analysis functions to investigate threats and understand the origin and impact of the threat on the IT infrastructure.
  • Centralized management: SentinelOne enables centralized management of security policies, processes and events via a unified platform, which improves operational efficiency.
  • Support for compliance: SentinelOne can help to meet compliance requirements by providing detailed logging of security events and helping to identify and fix vulnerabilities in the IT infrastructure.

In summary, SentinelOne offers an effective way to detect, analyze and respond to security threats, thereby improving the overall security and compliance of IT infrastructures.

24/7 Managed Detection and Response from SentinelOne

With Vigilance Respond, all identified threats that endanger your network and your company are investigated, resolved and documented by security experts so that you have time for the essentials.

What Does the 24/7 Managed Detection and Response Service from SentinelOne Offer?

  • Round-the-clock coverage (follow the sun): SentinelOne analysts monitor your environment daily around the clock for changes and react in an emergency – regardless of your location.
  • Shorter MTTD (mean time to detect) and MTTR (mean time to respond): On average, SentinelOne needs 18 minutes not only to discover incidents, but also to fix them directly. This makes Vigilance the industry’s fastest Managed Detection and Response Service.
  • Fewer warnings, more context: SentinelOne adds manually generated context through the Storyline™ technology, so you save even more time when bundling, correlating, and contextualizing warnings.
  • Security with a sense of proportion: As an extension of your team, our analysts triage and prioritize events based on the individual requirements of your program.
  • Documentation and reports: All threats identified in your environment are checked, documented, and included in the regularly created reports.
  • Relief of your limited IT resources: By outsourcing daily processes and threat hunting to MDR experts, your team can concentrate on new things.

3. Conclusion

With the SentinelOne service Vigilance Respond, the daily processes and threat hunting are outsourced to the SentinelOne MDR (Managed Detection and Response) experts. This leaves your SOC team more time and resources for your security strategy.
