New Capabilities Enable Untethered View into All Endpoint Activities and Network Traffic – Encrypted and Clear Text.
SentinelOne, a pioneer in delivering autonomous AI-powered security for the endpoint, datacenter and cloud, today launched its new Deep Visibility module for the SentinelOne Endpoint Protection Platform (EPP), making it the first endpoint protection solution to provide unparalleled search capabilities for all indicators of compromise (IOCs) regardless of encryption and without the need for additional agents.
“We are bringing visibility to every edge of the network – from the endpoint to the cloud,” said Tomer Weingarten, CEO of SentinelOne. “Deep Visibility enables search capabilities and visibility into all traffic since we see it at the source and monitor it from the core. We know that more than half of all traffic is encrypted – including malicious traffic – which makes a direct line of sight into all traffic an imperative ingredient in enterprise defence.”
Deep Visibility extends the company’s current endpoint suite abilities to provide full visibility into endpoint data, leveraging its patented kernel-based monitoring, for complete, autonomous, and in-depth search capabilities across all endpoints – even those that go offline – for all IOCs in both real-time and historical retrospective search. SentinelOne EPP with Deep Visibility enables customers to fully automate their detection to response workflow while also gaining unprecedented insight into their environment.
Deep Visibility also empowers customers to gain insights into file integrity and data integrity by monitoring file characteristics and recording data exports to external storage.
Deep Visibility monitors traffic at the end of the tunnel, which allows an unprecedented tap into all traffic without the need to decrypt or interfere with the data transport. This, in turn, provides a rich environment for threat hunting, that includes powerful filters, the ability to take containment actions, as well as fully automated detection and response.
Since Deep Visibility does not require an additional agent and is a holistic part of the SentinelOne EPP platform, it is fully integrated into the investigation, mitigation and response capability sets, including process forensics, file and machine quarantine, and fully automated, dynamic remediation and rollback capabilities.
Additionally, Deep Visibility does not require any changes to network topology and does not require any certificates for installation. Visibility into encrypted traffic further enriches forensics insights and empowers security analysts with more holistic investigation capabilities without impacting the end-user experience.
“Deep Visibility is a breakthrough that will redefine how we think about perimeters,” said Weingarten. “Gaining visibility into the data pathways marks the first milestone for a real, software-defined edge network that can span through physical perimeters, to hybrid datacenters and cloud services. This is the beginning of the network of the future.”
In addition to Deep Visibility, SentinelOne EPP will also offer several new capabilities that further enrich visibility into customer environments and threats. Key capabilities include:
- Support for new platforms Amazon Linux AMI and Oracle Linux to expand visibility into critical server environments
- Full disk scan support to discover latent threats
- Richer forensics insights to help identify the source of threats and build attack storylines
Current SentinelOne customers can upgrade to a new agent with access to Deep Visibility by working with their customer success managers. Prospective customers can learn more about SentinelOne EPP and the new Deep Visibility capabilities here.