Malwarebytes bargain

2/24/2023

Next, it was CrowdStrike, and then Malwarebytes. Primarily in the last year, the number one solution clients had, in cases where we replaced it, was probably Sophos.

Some are actually the creators of IoT and as they put new products on the air for testing, we're able to help protect them from external attacks. Various clients, depending on their business practices, are heavily in the IoT. It was a game-changer when Ranger came to fruition.

We have between 60 and 80 incident responses ongoing at any time, and having the ability to deploy just one agent to do everything we need to advise clients on how to improve their security and prevent a second attack, is incredibly important. If you think about it, we're in the middle of an incident response every day. It's incredibly important to us that Ranger requires no new agents, hardware, or network changes.

The other advantage of Ranger is that it lets us put a block into the firewall of SentinelOne that's on every Windows computer, and we can stop the communications from the offending internet of things product to every system on the network with just a few clicks. The second way we use it is if a printer or a camera or a thermostat is being used as a relay for an attack, through a weakness in that product, we are able to let them know exactly what product it is. This is critical because SentinelOne should be placed on everything in the environment for maximum protection. The first thing we do is look for unprotected endpoints in the environment. Our people constantly use the Ranger functionality.

For example, they may be constantly clicking on the wrong links or the wrong attachments in phishing emails. When an event occurs, it gets stopped, and then they have a way to look into that data to find ways to improve the security of their network or what risk factors they need to tend to within the company through education or other means.
The fact that it stops everything and lets you analyze it with great detail, including how it occurred, to improve your overall security infrastructure to prevent such an attack from occurring in the future, is really important to clients because it's almost like a security advisor or a security operation center in the tool itself.

The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring. SentinelOne has improved everybody's productivity because the design of the screens is such that it takes an analyst immediately to what they need next, to make the proper decision on the next steps needed for the client. Instead of just telling them a security problem, we are able to use that data, analyze it, and give an IT solution to the problem.

The deep visibility that is given to us through the storyline is incredibly helpful to get to the root cause of an infection and to create immediate countermeasures, in an IT solution manner, for the client. The storyline feature offers an incredible improvement in terms of response time. That allows us to suggest improvements in network security for our clients as we protect them. They're able to utilize the storyline to determine exactly how the badness got into the network and touched the computer in the first place. My analysts use SentinelOne's storyline feature, which observes all OS processes.

As part of the testing, we used a variety of actual ransomware applications that were occurring, live on people's systems at the time. We found that the only product that stopped every instance of ransomware we placed into the computers in the test lab, was SentinelOne. We actually put a laboratory together and we tested SentinelOne against CrowdStrike, Cylance, and Carbon Black side by side.

We have tested SentinelOne's static AI and behavioral AI technologies and it performs well.