1 Introduction
Antivirus was proclaimed dead years ago, and on multiple occasions. There is a certain truth behind these claims – with the massive increase in the size and complexity of IT infrastructures, legacy signature-based antivirus solutions have long been proven inadequate for protecting against the scale and sophistication of modern cyber-attacks. And even though the Endpoint Protection Platform (EPP) solutions that have replaced them offer additional capabilities like application whitelisting, device control, and firewalls, they still often fall short of their primary task: detecting malware before or during its execution in order to prevent damage.
The sheer number of threat vectors, both external and internal, that digital businesses were facing eventually led to a realization that protection from known threats alone is no longer a feasible security strategy. A major paradigm shift in cybersecurity gave birth to a new class of Endpoint Detection and Response (EDR) products that focused on detecting and investigating suspicious activities on endpoints (and various artifacts and traces left by malware after an attack). EDR solutions usually collect various telemetry from endpoints using software agents and allow security analysts to examine affected endpoints remotely to identify and mitigate the root cause of a security incident.
For some time, EDR products were marketed as the perfect alternative to legacy antiviruses, but unfortunately, their major shortcomings were quickly identified. First, the very definition of an endpoint has evolved – nowadays, desktops, mobile devices, virtual machines, and even containers and other cloud workloads are connected directly to corporate networks, making it a challenge to maintain consistent visibility across all of them. More importantly, however, was the realization that more security telemetry does not necessarily translate into better security (the same problem that SIEM vendors had identified almost a decade earlier).
If anything, the growing number of alerts generated by an EDR solution can quickly overwhelm even a large team of expert security analysts, leaving very little time to investigate and respond to an incident before it turns into a major disruption. Many companies deal with the problem by outsourcing their security operations to a managed service. An alternative approach, gaining popularity recently, is to use AI-based methods and other automation tools to improve analyst productivity and reduce the time needed for decision-making. However, because these solutions still depend on human intervention, they are far from enabling a truly real-time response to detected cyber threats.
SentinelOne is an endpoint security vendor headquartered in Mountain View, CA. Founded in 2013 by a team of veterans of the Israeli cyber-intelligence community, the company’s strategic vision is an integrated endpoint security platform to replace multiple disjointed security tools with a single solution to prevent, detect, analyze and respond to cyberthreats across all enterprise IT assets, on-premises and in the cloud. Powered by an autonomous AI engine built directly into its endpoint agent, the solution is claimed to be able to respond to a wide range of threats in real time without the latency of the cloud.
The company is privately held and backed by venture capital. Even though it is technically still a startup, a number of successful investment rounds have already turned SentinelOne into a unicorn company with a market valuation of over $1.1 billion. It currently serves over 3,500 enterprise customers worldwide.