SentinelOne Advanced AlienApp 

June 4, 2021  |  Ziv Hagbi

In today’s threat landscape there is no escape from needing a 360° view to protect crucial organization assets. The matter is greatly amplified now that remote work has become common among Enterprises and SMBs alike. An ideal security solution would combine threat detection & response on cloud resources as well as at the endpoint level, providing the extensive, real-time and impactful coverage customers need.

Users of all types should be extra careful as attacks on company resources soar and adversaries try to gain access to sensitive information. A complete security solution should include a high-end Endpoint Detection and Response (EDR) product together with a next-generation threat detection and response platform that will not let attacks fall through the cracks and will protect the company’s interests from intentional or unintentional user (internal or external) behavior.

USM Anywhere brings this story together in the form of a unique integration with a world-class, award-winning EDR solution, SentinelOne, tying together cloud and endpoint detection and response. LevelBlue is excited to introduce the Advanced BlueApp for SentinelOne.

The Advanced BlueApp for SentinelOne capitalizes on SentinelOne’s API-first approach, which helped us build one of the richest apps we’ve ever built. All a customer needs to do is configure their SentinelOne credentials within the app and USM Anywhere will take it from there.

The Advanced AlienApp for SentinelOne provides customers with a comprehensive toolset for threat detection and response including:

  • Threat ingestion
  • Asset & Vulnerability Discovery
  • Rich Orchestration and Response engine
  • Reports & Dashboard
  • Auditing
  • Advanced Hunting Abilities and more…

In addition, utilizing the SentinelOne state-of-the-art rogue feature, customers can detect assets even if the SentinelOne agent isn’t deployed on them.

USM Anywhere can pull the asset inventory from SentinelOne and compare it to the existing asset inventory within USM Anywhere based on a unique identifier, so an asset is tracked even if its IP address changes. This process updates existing assets with any new information from the agent and adds new assets. The asset lifecycle is fully automatic.
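As an added illustration of the identifier-keyed reconciliation described above (example code, not LevelBlue’s or SentinelOne’s own), the following merges a constructed SentinelOne agent inventory into a constructed USM Anywhere asset store keyed by agent UUID, and contrasts it with matching on IP; the field names and sample values are assumptions.

```python
# Constructed sample inventories (not real SentinelOne or USM Anywhere data).
# Each agent record carries a stable agent UUID plus mutable attributes.
S1_INVENTORY = [
    {"uuid": "a1", "hostname": "ws-01", "ip": "10.0.0.25", "os": "Windows 10", "agent_version": "21.6"},
    {"uuid": "b2", "hostname": "srv-db", "ip": "10.0.1.7", "os": "Ubuntu 20.04", "agent_version": "21.6"},
    {"uuid": "c3", "hostname": "ws-02", "ip": "10.0.0.44", "os": "macOS 11", "agent_version": "21.5"},
]
# Existing USM store: ws-01 was last seen on a different DHCP lease and an older agent.
USM_INVENTORY = {
    "a1": {"uuid": "a1", "hostname": "ws-01", "ip": "10.0.0.12", "os": "Windows 10", "agent_version": "21.5"},
    "b2": {"uuid": "b2", "hostname": "srv-db", "ip": "10.0.1.7", "os": "Ubuntu 20.04", "agent_version": "21.6"},
}


def reconcile(usm, s1_records):
    """Merge agent records into the asset store keyed by agent UUID.

    Returns (updated_store, summary); summary lists added and unchanged UUIDs
    and, for updated UUIDs, each changed field as (old, new)."""
    store = {k: dict(v) for k, v in usm.items()}  # copy: don't mutate the caller's data
    summary = {"added": [], "updated": {}, "unchanged": []}
    for rec in s1_records:
        uid = rec["uuid"]
        if uid not in store:
            store[uid] = dict(rec)          # never seen: create the asset
            summary["added"].append(uid)
            continue
        changed = {k: (store[uid].get(k), v)
                   for k, v in rec.items() if store[uid].get(k) != v}
        if changed:
            store[uid].update(rec)          # same asset, refreshed attributes (e.g. new IP)
            summary["updated"][uid] = changed
        else:
            summary["unchanged"].append(uid)
    return store, summary


def duplicates_if_keyed_by_ip(usm, s1_records):
    """Failure mode of matching on IP instead of UUID: a known asset that moved
    to a new address would be re-created as a second asset. Returns their UUIDs."""
    known_ips = {a["ip"] for a in usm.values()}
    return [r["uuid"] for r in s1_records
            if r["uuid"] in usm and r["ip"] not in known_ips]
```

Running `reconcile(USM_INVENTORY, S1_INVENTORY)` adds `c3`, updates the IP and agent version of `a1`, and leaves `b2` untouched, while the IP-keyed check reports `a1` as the asset that would have been duplicated.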

Deep visibility into all of a company’s endpoints is monumental to the company’s safety, whether the endpoint is a personal or company laptop or a widely used company server, physical or virtual. The ability to collect logs and correlate them across potentially millions of assets helps separate secured organizations from vulnerable ones. The Advanced BlueApp for SentinelOne can provide those security insights at a glance.

Customers can get even more security insights as the app can also generate new SentinelOne reports or download existing ones with a click. Customers can generate different types of reports to be downloaded ad hoc or scheduled.

How LevelBlue USM Anywhere, LevelBlue Labs & SentinelOne collaborate to bring one of the best Endpoint Security offerings to the market

LevelBlue Labs and the SentinelOne team have been working together to bring the two platforms even closer. LevelBlue customers will also benefit from having all the threat data from SentinelOne enriched through the Open Threat Exchange (OTX) platform for even deeper visibility, providing a single-pane-of-glass experience via USM Anywhere.

Once the Advanced BlueApp for SentinelOne is configured, USM Anywhere can pull threats detected across all assets (with or without an agent). Mobilizing the knowledge and expertise of LevelBlue Labs and OTX, the threats are enriched internally to provide more data to the SOC analyst.

Customers who’ve purchased SentinelOne through LevelBlue will have even greater detection capabilities, as we utilize and extend the LevelBlue Labs team to build custom detection rules through the SentinelOne “STAR” Deep Visibility technology. Furthermore, the LevelBlue Labs team will include Premium OTX pulses on top for even greater Indicator of Compromise (IOC) visibility, homegrown by LevelBlue.

In addition to providing full threat visibility, USM Anywhere utilizes the SentinelOne orchestration engine so that analysts can mitigate threats from USM Anywhere without having to swivel-chair back to SentinelOne. There are a variety of mitigation actions such as kill, quarantine, remediate and rollback, and other management actions like disconnecting a host from the network, block/exclusion list support and more. Actions can be taken on a specific asset or on all assets associated with a potential threat, using automation rules or manual action.

SentinelOne

SentinelOne uses AI-powered prevention, detection, response, and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle.

LevelBlue Managed Security Endpoint Service

LevelBlue has recently launched its newest Managed Endpoint Security Service with SentinelOne. LevelBlue Managed Endpoint Security with SentinelOne includes 24x7 threat monitoring and management by LevelBlue Security Operations Center (SOC) analysts. When used with LevelBlue Managed Threat Detection and Response, customers will benefit from one SOC team providing continuous monitoring of separate threat detection stacks for greater network visibility and faster endpoint threat detection. For more information about the Managed offering click here.

Try out these new BlueApps

BlueApps are included for all USM Anywhere customers at no extra charge. Try USM Anywhere by starting a Free 14-Day Trial of USM Anywhere today to see how BlueApps can help your organization work more efficiently to reduce the time between threat detection and response.
