SentinelOne Introduces ‘Deep Visibility Module’ for IOC Search and Threat Hunting on the Endpoint

SentinelOne has launched a new Deep Visibility module for the SentinelOne Endpoint Protection Platform (EPP), offering new search capabilities for all indicators of compromise (IOCs)—regardless of encryption and without the need for additional agents, according to a release.

“We are bringing visibility into every edge of the network — from the endpoint to the cloud,” said Tomer Weingarten, CEO of SentinelOne. “Deep Visibility enables search capabilities and visibility into all traffic, since we see it at the source and monitor it from the core. We know that more than half of all traffic is encrypted — including malicious traffic — which makes a direct line of sight into all traffic an imperative ingredient in enterprise defense.”

Deep Visibility extends the company’s current endpoint suite to provide visibility into endpoint data. It uses kernel-based monitoring to support autonomous search across all endpoints, including those that go offline, in real-time or retrospective search.

Deep Visibility will also let customers gain insights into file integrity and data integrity by monitoring file characteristics and recording data exports to external storage.

“Deep Visibility is a breakthrough that will re-define how we think about perimeters,” said Weingarten. “Gaining visibility into the data pathways marks the first milestone for a real, software-defined edge network that can span through physical perimeters, to hybrid datacenters and cloud services. This is the beginning of the network of the future.”

In addition to Deep Visibility, SentinelOne EPP will also offer several new capabilities, including:

  • Support for new platforms Amazon Linux AMI and Oracle Linux to expand visibility into critical server environments
  • Full disk scan support to discover latent threats
  • Richer forensics insights to help identify the source of threats and build attack storylines

 

Jeff Edwards

Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.