SentinelOne has recently introduced a cloud-based automated hunting, detection, and response engine Storyline Active Response (STAR).
Integrated with SentinelOne’s ActiveEDR, STAR empowers security teams to create custom detection and response rules and deploy them in real time to the entire network or desired subset, to proactively detect and respond to threats.
The solution also enables security teams to turn these queries into hunting rules that trigger alerts and automated responses when rules detect matches. It replaces the need for manual, one-off, and labour-intensive legacy EDR activities with automated, customied responses – empowering SOC teams to stay a step ahead of the rapidly evolving threat landscape. Unlike legacy EDR watchlists, STAR can protect against new threats without software updates, write customised MITRE-compatible detection logic, and add rules for industry-specific threats at machine speed.
The SentinelOne Singularity XDR platform is built on the foundation of Storyline technology. Storyline leverages patented behavioral AI to monitor, track, and contextualise all event data across endpoints, cloud workloads, and IoT devices. The output is a dynamic model which scores risk and connects disparate event data automatically into an understandable story at machine speed. Storyline Active Response adds capability to the output of the Storyline technology to customise detection and automate responses.
“Despite advancements over the past few years, EDR products are still human-powered and dependent on manual work to respond to attacks. The result is a growing time gap which benefits the adversary in compromising enterprises,” said Yonni Shelmerdine, Head of XDR Products and Strategy, SentinelOne.
“We built STAR to enable SOC teams to be proactive and efficient. The “R” of EDR – response – has always been too resource-intensive and is the weak spot where today’s products, people, and processes fall short. STAR is a natural evolution of our best-in-class visibility and advanced detection capabilities, enabling enterprises to benefit from the automation, scale, and speed that we’re bringing to the XDR era.”
ALSO IN THE NEWS: UAE sees massive spike in malware attacks in H1 2021
Nationstates and cybercrime groups are continually automating their tactics, techniques, and procedures (TTPs) to avoid being detected within networks. EDR products are producing data at the scale of billions of events per day, creating an analysis and response challenge beyond the limits of human capacity. SentinelOne STAR alleviates this burden, leveraging technology to automatically respond to threats.
