Endpoint security firm SentinelOne challenges traditional anti-virus software

Next-generation endpoint protection vendor SentinelOne has received the same certification that many traditional antivirus platforms seek, meaning it can be considered suitable for meeting certain requirements of industry and governmental regulations.


The company's new endpoint protection platform, called EPP, has won an Approved Corporate Endpoint Protection seal of approval from AV-Test, a firm that evaluates and certifies a range of security products. The seal of approval means the product meets AV-Test standards, and those standards carry weight in determining whether corporate defenses comply with regulations.


"AV-Test is a good indicator of how an antimalware system will block threats," says Peter Firstbrook, an analyst with Gartner. "SentinelOne did very well considering they don't use any signatures, just behavior blocking. So yes, I would say that it qualifies as a replacement for existing AV, which is significant because very few other new antimalware solutions have taken this step (being tested) or would even claim to replace current AV solutions," Firstbrook said in an email.

He noted that while EPP could replace traditional anti-virus software, it is also compatible with it, so businesses wouldn't have to rip out their current software.

SentinelOne faces a long list of competitors including Palo Alto Networks, Bit9+Carbon Black, FireEye, LightCyber and Tanium.

Unlike traditional anti-virus software, EPP does not rely on signature libraries to find known malware. Instead it uses the behavior of the endpoints - what the company calls dynamic execution patterns - to determine whether an endpoint is being compromised. About 160 of those patterns catch the same amount of malware as millions of signatures, says SentinelOne CEO Tomer Weingarten.

In addition to catching malware, EPP can remediate infections by quarantining files, killing processes and returning endpoints to known good states, he says.

EPP performs passive scanning of endpoints, indexes files of interest and sends metadata about them to the cloud, where the files are given threat reputation scores. If the scores break policy thresholds, the files can be deleted.

"Think of this data like the black box on a plane," says Firstbrook. "If an incident does occur you have a full recording of its effect on the system and (hopefully) the company." Gartner calls this type of capability Endpoint Threat Detection and Remediation (EDR).

He says that history feature makes EPP more complex than a typical anti-virus product, but it has a fairly simple dashboard for managing it. He notes that SentinelOne is a relatively new company, "so will likely have growing pains in support and services (like any startup), and although they did well in one AV-Test it doesn't mean they will continue to do well."

SentinelOne was founded in 2013 and has $15 million in funding from Tiger Global, Accel Partners and Data Collective, Weingarten says. Its founders are Weingarten and Almog Cohen, the former head of innovation at Check Point Software.


Stories by Tim Greene
