SentinelOne Antivirus

In today’s world, it is more important than ever to stay protected and ensure cyber-security. We have seen technologies become outdated and cyber threats continuously change. The technology landscape is forever changing and new products are needed to fight against the malicious attacks of hackers and thieves. New artificial intelligence technologies have been developed to combat these challenges and have forever shaped the way antivirus software performs. 

We are very excited to introduce SentinelOne as our newest antivirus at ICS Data. SentinelOne is a trusted leader in the cyber-security industry and provides security for some of the largest companies in the world. Its list of users includes 3 of the top 10 Fortune 500 companies and hundreds of the Global 2000 companies. SentinelOne goes above and beyond traditional antivirus software with the ability to prevent, detect and respond to threats in real time. ICS Data is here to help keep you secure!

What is SentinelOne?

Endpoint Protection Platform (EPP)

Technology that focuses on behavior blocking and leverages artificial intelligence, rather than using signature blocking. 

Detects, prevents, responds to and hunts threats in real time

Continually learning new threat behaviors

Behavioral vs. Signature Based Blocking

Behavioral – detects unknown threats based on what the threat is actually doing, including threats that do not have an established signature/code (can detect brand new threats).

Signature – every threat or virus has its own signature/code; signature-based blocking detects viruses and threats that are already known (cannot detect new threats that do not have known signatures).
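
The contrast above, as an added illustration (not SentinelOne's engine and not ICS Data's code): a hash-based signature check misses a one-byte variant of a known sample, while a simple behavioral rule still flags the process by what it does. The sample bytes, the event format, the process names and the threshold are all constructed assumptions.

```python
import hashlib
from collections import Counter

# Constructed sample data: short byte strings stand in for executable files.
KNOWN_SAMPLE = b"constructed-sample-A"
NEW_VARIANT = b"constructed-sample-A."  # one extra byte, so the hash is new

# Signature database: hashes of files already seen and classified as malicious.
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(file_bytes):
    """Signature check: flags only files whose hash is already in the database."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURES

# Constructed event log in a hypothetical (process, action, target) format.
EVENTS = [
    ("editor.exe", "rewrite_file", "notes.docx"),
    ("backup_tool.exe", "delete_backup", "snapshot-old"),
    ("variant.exe", "rewrite_file", "report.docx"),
    ("variant.exe", "rewrite_file", "budget.xlsx"),
    ("variant.exe", "rewrite_file", "photo.jpg"),
    ("variant.exe", "delete_backup", "snapshot-latest"),
]

def behavior_match(events, rewrite_threshold=3):
    """Behavioral check: flag a process that rewrites many files AND deletes backups."""
    rewrites = Counter()
    backup_deleters = set()
    for process, action, _target in events:
        if action == "rewrite_file":
            rewrites[process] += 1
        elif action == "delete_backup":
            backup_deleters.add(process)
    return sorted(p for p, n in rewrites.items()
                  if n >= rewrite_threshold and p in backup_deleters)

if __name__ == "__main__":
    print("known sample, signature:", signature_match(KNOWN_SAMPLE))
    print("new variant, signature: ", signature_match(NEW_VARIANT))
    print("flagged by behavior:    ", behavior_match(EVENTS))
```

Requiring both conditions keeps the ordinary editor and the backup tool from being flagged, which is the false-positive trade-off any behavioral rule has to manage.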

Preventative Measures

Kill – The Kill option stops the attack in its tracks. All active content in documents, executables, and sub-processes are stopped. 

Quarantine – The Quarantine option encrypts malicious executables, and moves them to a confined path. Quarantined files can be retrieved for further analysis.

Response Measures

Remediate – The Remediate response measure removes linked libraries, deletes seed files, and restores the configuration of the OS, application, and user settings to the state before an attack began.

Rollback – Rollback is the last level in the mitigation chain and it restores the endpoint, undoing the changes made by the malicious process and its associated assets.