We don't have a lot of incidents because ours is a very closed network. We don't connect directly to the internet. So SentinelOne is only a barrier between us and the emails or between us and the files that go into our network.
We did a penetration test on some solutions. A company that we work with on pen testing planted malware in Excel files, in a macro. We tested how each of the solutions alerted us on the macro and about what it was doing. SentinelOne alerted us at the moment I clicked on the mouse. When I got the popup alert from SentinelOne, I said, "That's it."
blackberry mml patch files
DOWNLOAD: https://ssurll.com/2vGKVt
My company uses SentinelOne for EDR purposes for alerts, detections, and patch deployment. For example, some clients ask my team to patch multiple devices and apply policies to the devices, so my team updates policies, applies patches, and updates machines per Windows and Mac updates.
The retention period of the tool also has room for improvement. The retention period is a time when you can patch up the logs, even older ones. Still, on SentinelOne, the retention period is only one week or one week up to twenty-eight days, and that period is insufficient, especially for a security breach. If a security breach occurs within the company, it could be six months to a year, so if you want to view the logs, you cannot go beyond the limit set by SentinelOne.
One month is the timeframe of the retention period, and one week is real-time, as scheduled by the vendor. For forensics purposes, the retention period is critical, so what would make SentinelOne better is a more extended retention period that lets you investigate logs. If you want to patch logs, you can directly call or reach out to the vendor who can provide you with the logs. If the vendor has no logs, you won't get the initial alert when the incident starts.
Managing the false positives creates additional management overhead. The behavioral analysis engine might misinterpret real user behavior as malware. For example, a drafter was cleaning up a Revit folder and deleting 4,000 files. That looks like ransomware. The SentinelOne agent kicked his computer off the network.
In the future, I would like to see SentinelOne implement integrated patch management. It would be great to manage endpoint patching through SentinelOne. We're on our third patch manager in three years because they are lackluster. It would be nice to have a new patch management tool.
Other solutions that I usually use in other organizations were on-premises. This one is cloud-based. The point is, when you have your antivirus or EDR solution on-prem, that's your responsibility to troubleshoot the core server and do that maintenance patch and all of those kinds of tasks. When the solution is hosted in the cloud, all of these responsibilities belong to the provider, in this case, SentinelOne. When a new patch is getting released from the vendor, normally, if we were using legacy platforms, we would have to upgrade each endpoint one by one. By using cloud-based EDRs, it can be done automatically and reduces maintenance time. 2ff7e9595c
Comentarios