Customized and Dynamic Detection Rules Coupled with Automated Responses Replace Legacy EDR Watchlists

SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today unveiled SentinelOne Storyline Active Response (STAR)^TM, its cloud-based automated hunting, detection, and response engine. Integrated with SentinelOne’s ActiveEDR^®, STAR empowers security teams to create custom detection and response rules and deploy them in real time to the entire network or desired subset, to proactively detect and respond to threats. STAR also enables security teams to turn these queries into hunting rules that trigger alerts and automated responses when rules detect matches. STAR replaces the need for manual, one-off, and labor intensive legacy EDR activities with automated, customized responses - empowering SOC teams to stay a step ahead of the rapidly evolving threat landscape. Unlike legacy EDR watchlists, STAR can protect against new threats without software updates, write customized MITRE-compatible detection logic, and add rules for industry-specific threats at machine speed.

The SentinelOne Singularity XDR platform is built on the foundation of Storyline technology. Storyline leverages patented behavioral AI to monitor, track, and contextualize all event data across endpoints, cloud workloads, and IoT devices. The output is a dynamic model which scores risk and connects disparate event data automatically into an understandable story at machine speed. Storyline Active Response adds capability to the output of the Storyline technology to customize detection and automate responses.

“Despite advancements over the past few years, EDR products are still human-powered and dependent on manual work to respond to attacks. The result is a growing time gap which benefits the adversary in compromising enterprises,” said Yonni Shelmerdine, Head of XDR Products and Strategy, SentinelOne. “We built STAR to enable SOC teams to be proactive and efficient. The “R” of EDR - response - has always been too resource-intensive and is the weak spot where today’s products, people, and processes fall short. STAR is a natural evolution of our best-in-class visibility and advanced detection capabilities, enabling enterprises to benefit from the automation, scale, and speed that we’re bringing to the XDR era.”

Nationstates and cybercrime groups are continually automating their tactics, techniques, and procedures (TTPs) to avoid being detected within networks. EDR products are producing data at the scale of billions of events per day, creating an analysis and response challenge beyond the limits of human capacity. SentinelOne STAR alleviates this burden, leveraging technology to automatically respond to threats.

“In the face of ever-evolving attacks, time and automation are key to neutralizing them,” said Ben Auch, Sr. Director of Cybersecurity at Gannett. “SentinelOne STAR provides our security team the ability to write custom TTP and IOC detection rules to target threats specific to our environment and to kill the threats automatically. Also, unlike legacy watchlists, STAR lets us easily pivot from hunting threats to creating threat detection rules in real-time without needing to make any configuration changes. SentinelOne has been a great partner to us in all stages and continues to innovate and pioneer new solutions in the market.”

To learn more about how STAR can customize detection rules and automate response to fit your business and environment, please visit: ​​https://www.sentinelone.com/platform/singularity-xdr-power-tools/

About SentinelOne

SentinelOne’s cybersecurity solution encompasses AI-powered prevention, detection, response and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform.

View source version on businesswire.com: https://www.businesswire.com/news/home/20210804005864/en/