Securing your business with SentinelOne
The IT industry is a rapidly evolving landscape, with new technologies announced daily and breakthroughs constantly on the horizon. In recent years, cybersecurity has firmly secured its place in almost all, if not all, discussions surrounding IT operations, whether that’s infrastructure, support, or general day-to-day usage. Our intention at Vinters is to treat technology as an enabler, allowing your business to grow with the reassurance that your operations remain available. This can be done through reactive strategies such as Managed IT Support and Infrastructure Management, or proactive strategies including Managed Backups or Disaster Recovery services.
There has been an increase in the sophistication of cyber threats and in the potential for devastating data breaches. Therefore, the demand for increased levels of protection has never been higher. Endpoint security is crucial for safeguarding against these threats. At Vinters, one of the critical components of our cybersecurity solution is advanced endpoint protection through SentinelOne, an Endpoint Detection and Response (EDR) solution provided by our partner, N-Able.
In this article, we’ll explore the importance of endpoint security and how SentinelOne can help strengthen your overall security posture.
What is Endpoint Detection and Response (EDR)?
Endpoint Detection and Response (EDR) focuses on detecting and investigating malicious activities and events on endpoints. This includes laptops, desktops, servers, and mobile devices.
This detection and investigation occur in real time, analysing endpoint data, network traffic, and user behaviour to detect anomalous activities which may signify a security breach of either a single endpoint or multiple endpoints within the same network.
The real-time nature of EDR enables quick and efficient handling of security events, minimising the risk of data breaches and preventing events from escalating into incidents. This efficiency is due to continuous endpoint monitoring combined with advanced analytics, machine learning, and behavioural analysis to detect suspicious activities.
Ever-Evolving Threats
The relentless pace and increased sophistication of cyber-attacks require SMBs/SMEs to have a comprehensive cybersecurity solution, with over 560,000 new cyber threats being discovered daily. In 2024, 50% of UK businesses reported having suffered a cyber-attack or security breach in the previous 12 months. This is where EDR comes in as one of the best security solutions for your endpoints. We’ve highlighted two main features EDR products provide to protect organisations against these evolving threats.
Accelerated Incident Response
EDR provides the ability to quickly isolate infected endpoints, terminate malicious processes, and block potentially harmful network connections. It’s this capability that allows EDR to rapidly respond to threats, significantly reducing the impact of an attack and preventing it from escalating into a full breach or incident. By swiftly containing threats, EDR protects critical data and helps ensure business continuity.
Improved Threat Detection
By employing advanced technologies such as behavioural and static AI, in conjunction with machine learning, EDR can continuously analyse endpoint activity to detect anomalies and suspicious patterns. This proactive approach leads to improved threat detection, enabling the identification and mitigation of potential threats before they cause impact. This continual monitoring and analysis ensures that EDR can detect and remediate even the most sophisticated attacks.
SentinelOne: A Deeper Look
The recent CrowdStrike incident underscores the critical importance of vendor evaluation in quality assurance. We recognise the responsibility to provide assurances about the comparable EDR product we utilise. As a result, we will take this as an opportunity to reassess SentinelOne to ensure our product choices continue to give the highest levels of security and reliability.
On 19th July 2024, a faulty channel file was served to all Windows 7 and above endpoints running CrowdStrike’s Falcon sensor. This file caused kernel instability, resulting in a Blue Screen of Death loop. It is estimated to have affected 8.5 million Windows devices worldwide. Because the failure occurred at kernel level, the remediation steps required booting the affected devices into safe mode and then either deleting the faulty channel file or using remediation scripts provided by Microsoft.
Given this incident, concerns have arisen regarding other EDR products that operate similarly and the potential impact of an errant update.
What Makes SentinelOne Different?
SentinelOne uses a Live Security Update (LSU) mechanism confined to detection-related logic and models. These operate in an isolated user-mode space, separate from the core of the SentinelOne agent. The LSUs do not affect the kernel or core components of the EDR agent.
As the SentinelOne EDR agent primarily operates in user space, it doesn’t have direct access to the underlying operating system. Therefore, the LSUs only impact user-space components. This was an intentional by-design choice of N-Able to increase stability and significantly decrease the risk of interoperability issues.
Core components of the SentinelOne EDR agent are updated either through the Upgrade Policy or manually by Vinters, giving us full control over when and how these updates are rolled out.
Additionally, SentinelOne implements an extensive Pre-General Availability process, providing Early Access builds to customers for testing and feedback in controlled environments. This process, which is entirely optional and opt-in, allows rigorous testing both by SentinelOne’s Quality Assurance team and in controlled customer environments before a build is widely released.
By employing these measures, SentinelOne provides customers with complete control over when and where updates are deployed.
With the increase in remote working and overall volume of threats, it’s never been more important to include Endpoint Security as part of your organisation’s cybersecurity strategy.
If you would like to explore how Vinters can help protect your business from the ever-growing threat of cyberattacks, reach out to us today.