Endpoint Detection and Response
SentinelOne Complete EDR
Ihloom Cybersecurity leverages SentinelOne Complete Endpoint Detection and Response (EDR) platform for its unique malware detection and remediation technology. This solution incorporates the industry’s most innovative endpoint threat detection, providing visibility into the root causes and origins of the threat, reversing the malicious operations and remediating them fully.
What you get
Our SOC can address the myriad alerts and notices your endpoints generate, including suspicious activity, system compromise, malware remediation, and false-positive process whitelisting.
Support and Policy Creation
Ensure a secure configuration and compliance with the SentinelOne million-dollar remediation warranty.
Expert deployment support
Get help deploying SentinelOne to your organization. Sophisticated EDR solutions are not straightforward or simple. The Ihloom team will assist with best approaches, policy configurations, and troubleshooting support.
DEEP VISIBILITY across all endpoints
Leverage the power of Deep Visibility across all endpoints for bug hunting and incident response support.
- Identify missing or unprotected systems with as-needed Ranger Reports
- Month-to-month billing based on utilization
- Device control and managed firewall
SentinelOne ActiveEDR™ is an advanced EDR and threat hunting solution that delivers real-time visibility with contextualized, correlated insights that accelerate triage and root cause analysis. The solution allows for automated threat resolution, dramatically reducing the mean time to remediate (MTTR) an incident. ActiveEDR enables proactive hunting capabilities to uncover stealthy, sophisticated threats lurking in the environment.
Detect high-velocity threats with patented Storyline
Accelerate investigations with seamlessly integrated MITRE ATT&CK techniques
SentinelOne ActiveEDR maps attacks in real time to the MITRE ATT&CK framework, providing analysts with immediate in-product indicators and attack technique context. SentinelOne correlates multiple MITRE observations to the same Storyline, making searching for MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs) fast and painless across your environment. An investigation can start from nothing more than a MITRE technique ID, which lets the security team understand complex detections quickly.
Remediate the entire attack with patented 1-click remediation & rollback
SentinelOne enables analysts to take all the actions needed to respond to and remediate a threat with a single click. With one click, the analyst can execute a full suite of remediation actions such as network quarantine or killing a process to remove persistence mechanisms. Rollback functionality automatically restores files deleted or corrupted by ransomware activity to their pre-infection state without needing to reimage the machine. SentinelOne one-click remediation simplifies response and dramatically reduces mean time to resolution. SentinelOne also offers full Remote Shell capabilities on all platforms to give your security team a quick way to investigate attacks, collect forensic data, and remediate breaches no matter where the compromised endpoints are located. This eliminates uncertainty and significantly reduces any downtime that results from an attack.
Proactively hunt to uncover advanced adversaries
SentinelOne’s Deep Visibility empowers rapid threat hunting capabilities to conduct a deep investigation and enable hunting at scale. Threat hunters can quickly and easily query and pivot across the captured endpoint telemetry. SentinelOne automatically correlates all related objects (processes, files, threads, events, and more). For instance, say a process modifies another process by injecting code. When you run a query, all interactions between the source process, target process, and parent process are shown clearly in the cross-process details. This lets threat hunters quickly understand the data relationships: the root cause behind a threat together with all of its context, relationships, and activities. They can then follow the full story of what happened on an endpoint and see the complete chain of events.
You can create powerful hunting queries with easy-to-use shortcuts. Leverage a query library of hunts curated by SentinelOne Research, which continually evaluates new methodologies to uncover new IOCs and TTPs. These insights are the output of hypotheses that have been proven across research data and are generic. For example, the use of unmanaged, unsigned PowerShell is likely abnormal in most environments and would commonly require additional investigation. Such an example is not malicious in and of itself but fits a hunting workflow, because it describes an anomaly.
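The two ideas above, correlating a cross-process event back to its source, target and parent processes, and running a hunt hypothesis such as "PowerShell that is unsigned or launched by an unmanaged parent", can be shown on a small set of constructed telemetry. The following is an added example, not SentinelOne's code or query language, and it does not use SentinelOne's data schema: the process records, the injection event and the set of "managed" parent images are all assumptions made up for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str
    signed: bool  # constructed Authenticode status of the image file


# Constructed endpoint telemetry: a process tree plus one cross-process event.
# None of this is real data, and it is not SentinelOne's schema.
PROCS = [
    Proc(4, 0, "System", True),
    Proc(500, 4, "services.exe", True),
    Proc(700, 500, "svchost.exe", True),
    Proc(800, 500, "mgmtagent.exe", True),       # hypothetical management agent
    Proc(900, 800, "powershell.exe", True),      # PowerShell run by that agent
    Proc(1200, 700, "explorer.exe", True),
    Proc(1300, 1200, "winword.exe", True),
    Proc(1400, 1300, "powershell.exe", True),    # Office document spawning PowerShell
    Proc(1500, 1400, "pwsh-update.exe", False),  # unsigned binary dropped by that script
]
EVENTS = [
    {"action": "inject", "source": 1500, "target": 700},
]
# Parent images that legitimately launch PowerShell in this constructed environment.
MANAGED_PARENTS = {"mgmtagent.exe"}


def build_index(procs: List[Proc]) -> Dict[int, Proc]:
    """Index processes by pid so parent lookups are O(1)."""
    return {p.pid: p for p in procs}


def ancestry(index: Dict[int, Proc], pid: int) -> List[str]:
    """Image names from the root of the tree down to `pid` (cycle-safe)."""
    chain: List[str] = []
    seen: Set[int] = set()
    while pid in index and pid not in seen:
        seen.add(pid)
        chain.append(index[pid].image)
        pid = index[pid].ppid
    return list(reversed(chain))


def cross_process_details(index: Dict[int, Proc], events: List[dict]) -> List[dict]:
    """Expand each cross-process event into source, target, parent and full lineage."""
    details = []
    for ev in events:
        src, tgt = index[ev["source"]], index[ev["target"]]
        parent: Optional[Proc] = index.get(src.ppid)
        details.append({
            "action": ev["action"],
            "source": src.image,
            "target": tgt.image,
            "source_parent": parent.image if parent else None,
            "source_ancestry": ancestry(index, src.pid),
        })
    return details


def is_powershell(image: str) -> bool:
    # Constructed heuristic: name-based, so a renamed copy that keeps "pwsh" is still caught.
    name = image.lower()
    return "powershell" in name or "pwsh" in name


def hunt_unmanaged_powershell(index: Dict[int, Proc], managed_parents: Set[str]) -> List[int]:
    """Hunt hypothesis: PowerShell that is unsigned or not launched by a managed parent."""
    hits = []
    for p in index.values():
        if not is_powershell(p.image):
            continue
        parent = index.get(p.ppid)
        unmanaged = parent is None or parent.image.lower() not in managed_parents
        if not p.signed or unmanaged:
            hits.append(p.pid)
    return sorted(hits)


if __name__ == "__main__":
    idx = build_index(PROCS)
    for d in cross_process_details(idx, EVENTS):
        print(d)
    print("hunt hits:", hunt_unmanaged_powershell(idx, MANAGED_PARENTS))
```

On the constructed data the hunt flags pid 1400 (PowerShell spawned by Word, an unmanaged parent) and pid 1500 (an unsigned PowerShell-named binary), while pid 900 under the management agent is left alone; the injection event resolves to source pwsh-update.exe, target svchost.exe, parent powershell.exe, with the full lineage back to System, which is the "complete chain of events" a hunter wants to see before deciding the hit is real.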
SentinelOne Hunter, a Chrome Extension, helps Security Operations and hunters save time. Hunter lets you quickly scrape data from your browser and open a query in your SentinelOne Management Console to search for that data across your organization. Hunter captures these indicators from information open in your current browser tab: IP addresses, DNS names, and hashes (MD5, SHA-1, and SHA-256). When the indicators of interest are captured, they are passed to your SentinelOne Management Console. The Hunter extension does not capture any personal or private data from the browser or the user.
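The indicator types Hunter captures (IPv4 addresses, DNS names, and MD5/SHA-1/SHA-256 hashes told apart by their hex length) can be extracted from page text with a few regular expressions. The block below is an added example and not the Hunter extension's code; it goes slightly beyond the text by first "refanging" the defanged notation common in threat reports (`hxxp`, `[.]`) and by dropping common file-name extensions that would otherwise look like DNS names. The sample report text, the file-extension list and the indicator values in it are constructed for illustration (the hashes are the well-known digests of "test" and of the empty file, and the addresses are from documentation ranges).

```python
import re
from typing import Dict, List

# Constructed sample text standing in for a threat-intel page open in a browser tab.
SAMPLE_PAGE = """
Threat report (constructed sample, not a real incident)
C2 beacons to hxxp://update[.]evil-example[.]test/gate.php and 203[.]0[.]113[.]45
Dropper SHA-256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
Loader MD5: d41d8cd98f00b204e9800998ecf8427e (empty-file hash used as a placeholder)
Second stage SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
Resolved mail.evil-example.test to 198.51.100.7; the malware was named invoice.exe
"""

IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
# One alternation per hash type; \b keeps a 64-char digest from matching as 32 or 40.
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b")
# Hostname labels per RFC 1123 with an alphabetic TLD, so dotted IPs do not match here.
DNS_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.I)
# Constructed list of extensions that would otherwise be mistaken for DNS names.
FILE_EXTENSIONS = {"exe", "dll", "php", "ps1", "bat", "zip", "txt", "js"}
HASH_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def refang(text: str) -> str:
    """Undo the usual defanging so the regexes see real indicators."""
    return (text.replace("[.]", ".").replace("(.)", ".")
                .replace("hxxp://", "http://").replace("hxxps://", "https://"))


def extract_indicators(text: str) -> Dict[str, List[str]]:
    """Return de-duplicated, sorted indicators keyed by type."""
    text = refang(text)
    found = {"ipv4": set(), "dns": set(), "md5": set(), "sha1": set(), "sha256": set()}
    for ip in IPV4_RE.findall(text):
        found["ipv4"].add(ip)
    for name in DNS_RE.findall(text):
        if name.rsplit(".", 1)[-1].lower() not in FILE_EXTENSIONS:
            found["dns"].add(name.lower())
    for digest in HEX_RE.findall(text):
        found[HASH_BY_LENGTH[len(digest)]].add(digest.lower())
    return {kind: sorted(values) for kind, values in found.items()}


if __name__ == "__main__":
    for kind, values in extract_indicators(SAMPLE_PAGE).items():
        print(f"{kind}: {values}")
```

A console search would then be built from the returned lists; that step is left out here because the query syntax is the product's own and is not described on this page. The refang step matters in practice: a report that writes `203[.]0[.]113[.]45` yields no IP at all without it, and a hunt that silently finds nothing is easy to mistake for a clean environment.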
Investigate historical data with extended data retention
The ability to look back to any point in time allows analysts to see whether the threat has targeted your organization in the past and to view the full stream of information on how that attack occurred, including the entire process tree, timeline, and related activities. SentinelOne provides EDR data retention of 365 days and beyond, for full historical analysis of any attack.