SentinelOne Purple AI, advanced IT security

by admin

In a rapidly changing scenario, SentinelOne interprets the information security needs of companies as an attentive observer of market trends.

Let’s meet Paolo Cecchi, SentinelOne Regional Sales Director for the Mediterranean Region, and Marco Rottigni, SentinelOne Technical Director for Italy, who tell us about the brand’s news and analyze the cybersecurity scenarios, placing the emphasis on the company’s evolutionary strategies.

With the growth of technological infrastructures, the exponential increase in the number and severity of attacks has seriously endangered organizations across all industries.
Hybrid workplaces and the growing number of endpoints have become prime targets for cybercriminals. Because endpoints are used to access sensitive information and disrupt business operations, endpoint risks directly impact an organization’s finances.

Cloud journey and IT security

As Cecchi points out, companies have embarked on the journey to the cloud with greater strength and conviction, designing network infrastructures capable of taking advantage of it rather than simply migrating them from on-prem.

At this delicate moment, attackers too are targeting cloud infrastructures with renewed interest, causing significant economic and reputational damage to businesses. The financial loss caused by a successful cyberattack goes beyond the immediate costs – ransom payments, extortion fees, damage to IT infrastructure – with long-term repercussions. The fallout from even one breach can cost a company months in legal fees, fines for operating in highly regulated industries, downtime, and permanent damage to brand and reputation.
Adequate training and the availability of centralized security platforms, capable of collaborating and facilitating the work of SecOps teams, are therefore needed. You need a unified dashboard and a collector capable of acquiring logs, notifications, alerts and any other operational metrics and presenting them to the security teams in a clear and intelligible way.

In this sense, SentinelOne is already forward-thinking: it offers cyber resiliency tools and has long been training its AI to best support today’s business needs. Integrating artificial intelligence into the logic by which the platform is designed and developed allows for a drastic step change in the recognition processes and in the implementation of risk and damage mitigation activities.

SentinelOne Singularity

SentinelOne Singularity is everything we have described so far and more.

Marco Rottigni
The singularity disrupts the status quo to generate a new state of affairs. SentinelOne wants to be disruptive in the way it offers security, meeting companies, which increasingly need to “consume data” and which, at the same time, find themselves addressing security issues on increasingly large surfaces (endpoints, cloud, mobile, virtualization, identity, access).

Hence the agreements with the Israeli company Wiz to propagate effective controls from production to the cloud (shield right, shift left), realizing truly integrated and powerful protection, from the genesis of the cloud up to the services provided.
The Wiz integration makes early access possible to Singularity Skylight, a sophisticated solution that allows you to capture third-party data in the Singularity Security DataLake by SentinelOne.
This architecture is designed to simplify data standardization and collection. When SentinelOne detects a runtime threat to a cloud server or container, it automatically enriches the threat details with context data provided by Wiz about the cloud resource in question, including any vulnerabilities, misconfigurations or exposed code, and transmits them to the SentinelOne management console.

Cloud-native cybersecurity

Companies can therefore make use of a cloud-native data lake, not one imported from on-prem, as happens with some competing solutions. This makes it possible to multiply the performance of the system: without barriers due to legacy programming, it can “grind” through petabytes and demanding queries.

Being cloud native means being scalable and performing!

Not only that: as Rottigni confirms, in order to operate at its best, the Security Data Lake must come into contact with security platforms and must necessarily have an XDR connotation; it must then be able to interface with the security teams in a simple way, without requiring them to write code or make complex configurations.
This architecture works best if it is actually capable of enriching the context of an incident, if it can extend and improve response capabilities and, last but not least, if it allows for effective aggregation of all the security platforms in use at the company.

In this sense, a standard is emerging: OCSF (Open Cybersecurity Schema Framework), which aims to favor the normalization, integration and centralization of every security-related network event.
SentinelOne is already heavily committed to integration and, in collaboration with many industry vendors, has already developed around 80 applications/connectors to facilitate dialogue between different systems.

Purple AI

The culmination of an ongoing effort and careful R&D is SentinelOne Purple AI, a state-of-the-art evolution of artificial intelligence models applied to security.
We are talking about a generative artificial intelligence dedicated to threat hunting, analysis and response to threats. It is based on LLM (large language model) algorithms similar to those used on the well-known platform ChatGPT, but suitably calibrated and coded to interpret security events.
Purple AI represents an effective example of “pretrained” AI, starting from an immense database that is constantly updated and, therefore, immediately ready to operate.

This is a solution that is agnostic with respect to the network and can work, unlike many other suites available today, even in the total absence of a connection. It is in fact an autonomous AI, ready to run directly on the endpoint and fine-tuned to support, not replace, analysts during the study and resolution of incidents.
