SentinelOne Advanced AlienApp 

June 4, 2021 | Ziv Hagbi

In today’s threat landscape there is no escape from having a 360° view to protect crucial organization assets. The criticality of the matter is greatly amplified in these times, when working remotely has become vastly common among Enterprises and SMBs alike. An ideal security solution would combine threat detection and response on cloud resources as well as at the endpoint level, providing the extensive, real-time and impactful coverage customers desperately need.

Users of all types should be extra careful as hackers’ attacks on company resources soar through the roof in their attempts to get access to sensitive information. A complete security solution should include a high-end Endpoint Detection and Response (EDR) with a Next Generation threat detection and response platform that will not let attacks fall through the cracks and will protect the company’s interests from intentional or unintentional user (internal or external) behavior.

USM Anywhere brings this story together in the form of a unique integration approach with a world-class, award-winning EDR solution, SentinelOne, tying together cloud and endpoint detection and response. AT&T is excited to introduce the Advanced AlienApp for SentinelOne.

SentinelOne AlienApp

The Advanced AlienApp for SentinelOne capitalizes on SentinelOne’s API-first approach, which helped us build one of the richest apps we’ve ever built. All a customer needs to do is configure their SentinelOne credentials within the app and USM Anywhere will take it from there.


The Advanced AlienApp for SentinelOne provides customers with a comprehensive toolset for threat detection and response including:

  • Threat ingestion
  • Asset & Vulnerability Discovery
  • Rich Orchestration and Response engine
  • Reports & Dashboard
  • Auditing
  • Advanced Hunting Abilities and more…

In addition, utilizing SentinelOne’s state-of-the-art rogue feature, customers can detect assets even if the SentinelOne agent isn’t deployed on those assets.

SentinelOne asset inventory

USM Anywhere can pull the asset inventory from SentinelOne and compare it to the existing asset inventory within USM Anywhere based on a unique identifier, so an asset is tracked even if its IP address changes. This process updates existing assets with any new information from the agent, and new assets are added. The asset lifecycle is fully automatic.
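The merge step described above, as an added illustration (not USM Anywhere’s or SentinelOne’s code; field names such as agent_id and the sample inventories are assumptions): keying on the agent identifier keeps a host’s record when its IP changes and avoids collapsing two hosts that reuse one address, both of which a naive IP-keyed merge gets wrong.

```python
# Illustrative asset-inventory merge keyed on the agent's unique identifier.
# Not the product's implementation; field names and sample data are constructed.

EXISTING = {  # constructed: inventory already known on the USM side, keyed by agent id
    "agent-aaa": {"hostname": "fin-laptop-01", "ips": ["10.0.1.20"], "os": "Windows 10"},
    "agent-bbb": {"hostname": "web-01", "ips": ["10.0.2.5"], "os": "Ubuntu 20.04"},
}
PULLED = [  # constructed: assets pulled from the EDR API after a day of DHCP churn
    {"agent_id": "agent-aaa", "hostname": "fin-laptop-01", "ips": ["10.0.1.77"], "os": "Windows 10"},  # same host, new IP
    {"agent_id": "agent-ccc", "hostname": "dev-laptop-09", "ips": ["10.0.1.20"], "os": "macOS 11"},    # new host, reused IP
]


def merge_by_agent_id(existing, pulled):
    """Update known assets in place by agent id, add unseen ones, and keep an
    IP history so an address change is recorded rather than treated as a new host.
    Returns a new dict; the inputs are not mutated."""
    merged = {key: dict(record) for key, record in existing.items()}
    for asset in pulled:
        key = asset["agent_id"]
        fields = {k: v for k, v in asset.items() if k != "agent_id"}
        if key in merged:
            prev = merged[key]
            if prev["ips"] != fields["ips"]:
                prev.setdefault("ip_history", []).append(prev["ips"])
            prev.update(fields)          # refresh hostname, OS, IPs from the agent
        else:
            merged[key] = fields         # genuinely new asset
    return merged


def merge_by_ip(existing, pulled):
    """Naive IP-keyed merge for contrast: the host that changed IP shows up as a
    second asset, and the host that inherited the old IP overwrites its record."""
    by_ip = {ip: dict(record) for record in existing.values() for ip in record["ips"]}
    for asset in pulled:
        fields = {k: v for k, v in asset.items() if k != "agent_id"}
        for ip in asset["ips"]:
            by_ip.setdefault(ip, {}).update(fields)
    return by_ip


if __name__ == "__main__":
    good = merge_by_agent_id(EXISTING, PULLED)
    print("by agent id:", {k: (v["hostname"], v["ips"]) for k, v in good.items()})
    bad = merge_by_ip(EXISTING, PULLED)
    print("by ip:", {ip: v["hostname"] for ip, v in bad.items()})
```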


Having deep visibility into all of a company’s endpoints is monumental to the company’s safety, whether the endpoint is a personal or company laptop or a widely used company server, physical or virtual. The ability to collect logs and correlate them across potentially millions of assets helps separate secured organizations from vulnerable ones. The Advanced AlienApp for SentinelOne can provide those security insights at a glance.


Customers can get even more security insights as the app can also generate new SentinelOne reports or download existing ones with a click. Customers can generate different types of reports to be downloaded ad hoc or scheduled.


How AT&T USM Anywhere, AT&T Alien Labs & SentinelOne collaborate to bring one of the best Endpoint Security offerings to the market

AT&T Alien Labs and the SentinelOne team have been working together to bring the two platforms even closer. AT&T customers will also benefit from having all the threat data from SentinelOne enriched through the Open Threat Exchange (OTX) platform for even deeper visibility, providing a single-pane-of-glass experience via USM Anywhere.

Once the Advanced AlienApp for SentinelOne is configured, USM Anywhere can pull threats detected across all assets (with or without an agent). Mobilizing the knowledge and expertise of AT&T Alien Labs and the OTX, the threats are enriched internally to provide more data to the SOC analyst.

Customers who’ve purchased SentinelOne through AT&T will have even greater detection capabilities, as we utilize and extend the AT&T Alien Labs team to build custom detection rules through the SentinelOne “STAR” Deep Visibility technology. Furthermore, the AT&T Alien Labs team will include Premium OTX pulses on top, for even greater Indicator of Compromise (IOC) visibility homegrown by AT&T.


In addition to providing full threat visibility, USM Anywhere utilizes the SentinelOne orchestration engine so that analysts can mitigate threats from USM Anywhere without having to swivel-chair back to SentinelOne. There are a variety of mitigation actions such as kill, quarantine, remediate and rollback, and other management actions like disconnecting a host from the network, block/exclusion list support and more. Actions can be taken on a specific asset or on all assets associated with a potential threat, using automation rules or manual action.


SentinelOne

SentinelOne uses AI-powered prevention, detection, response, and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle.

AT&T Managed Security Endpoint Service

AT&T has recently launched its newest Managed Endpoint Security Service with SentinelOne. AT&T Managed Endpoint Security with SentinelOne includes 24x7 threat monitoring and management by AT&T Security Operations Center (SOC) analysts. When used with AT&T Managed Threat Detection and Response, customers will benefit from one SOC team providing continuous monitoring of separate threat detection stacks for greater network visibility and faster endpoint threat detection. For more information about the Managed offering, see the AT&T Managed Endpoint Security page.

Try out these new AlienApps

AlienApps are included for all USM Anywhere customers at no extra charge. Try USM Anywhere by starting a Free 14-Day Trial of USM Anywhere today to see how AlienApps can help your organization work more efficiently to reduce the time between threat detection and response.


About the Author: Ziv Hagbi

Ziv Hagbi is a lead product manager, responsible for the USM Anywhere integration portfolio at AT&T Cybersecurity. Previously, Ziv played several roles within AT&T, including Software Automation, Architecture and Product Management, and was also a pre-sales engineer at Starhome-Mach. He holds a BA degree in Management and Law from the Open University of Israel.
