Customized and Dynamic Detection Rules Coupled with Automated Responses Replace Legacy EDR Watchlists
SentinelOne, an autonomous cybersecurity platform company, has unveiled SentinelOne Storyline Active Response (STAR), its cloud-based automated hunting, detection, and response engine.
STAR is integrated with SentinelOne’s ActiveEDR. It lets security teams write their own detection and response rules and deploy them in real time across the entire network or a chosen subset, so that threats are detected and handled proactively rather than after the fact.
When a query returns matches, STAR lets security teams promote that query into a hunting rule that raises alerts and triggers automated responses. STAR replaces the manual, one-off, and labor-intensive procedures of legacy EDR with automated, customized responses, helping SOC teams keep pace with a continually changing threat landscape.
Unlike legacy EDR watchlists, STAR can protect against new threats without a software update, supports custom MITRE-compatible detection logic, and lets teams add industry-specific threat criteria at machine speed.
The SentinelOne Singularity XDR platform is built on the foundation of Storyline technology. Storyline leverages patented behavioral AI to monitor, track, and contextualize all event data across endpoints, cloud workloads, and IoT devices. The output is a dynamic model which scores risk and connects disparate event data automatically into an understandable story at machine speed. Storyline Active Response adds capability to the output of the Storyline technology to customize detection and automate responses.
“Despite advancements over the past few years, EDR products are still human-powered and dependent on manual work to respond to attacks. The result is a growing time gap which benefits the adversary in compromising enterprises,” said Yonni Shelmerdine, Head of XDR Products and Strategy, SentinelOne. “We built STAR to enable SOC teams to be proactive and efficient. The ‘R’ of EDR – response – has always been too resource-intensive and is the weak spot where today’s products, people, and processes fall short. STAR is a natural evolution of our best-in-class visibility and advanced detection capabilities, enabling enterprises to benefit from the automation, scale, and speed that we’re bringing to the XDR era.”
To avoid detection within networks, nation-states and cybercrime groups are constantly automating their tactics, techniques, and procedures (TTPs). EDR solutions generate billions of events per day, an analysis and response workload that exceeds human capacity. SentinelOne STAR relieves this load by using automation to respond to threats.
“In the face of ever-evolving attacks, time and automation are key to neutralizing them,” said Ben Auch, Sr. Director of Cybersecurity at Gannett. “SentinelOne STAR provides our security team the ability to write custom TTP and IOC detection rules to target threats specific to our environment and to kill the threats automatically. Also, unlike legacy watchlists, STAR lets us easily pivot from hunting threats to creating threat detection rules in real time without needing to make any configuration changes. SentinelOne has been a great partner to us in all stages and continues to innovate and pioneer new solutions in the market.”