Review: Protecting endpoints with SentinelOne’s all-powerful agents

Having powerful, protected, and independent agents sitting on endpoints gives SentinelOne a huge advantage against today's increasingly sophisticated attacks.


Endpoint protection began life as signature-based antivirus programs sitting on endpoints themselves. Over the years, the science of endpoint protection has advanced considerably to include behavior analysis and eventually machine learning and artificial intelligence to uncover threats, even as the brains of those operations tended to shift deeper into the network. Many endpoint protection programs today don’t actually sit on endpoints anymore, and perhaps only reach out to them if threats attempt lateral movement and trigger a response.

SentinelOne, by contrast, is able to deploy powerful agents with advanced detection and response capabilities onto endpoints where they can intercept threats on the frontlines. Every agent is fully independent, able to act even when the endpoint it’s protecting is disconnected from the core network, or has no connectivity at all. Beyond acting independently, each agent collects detailed forensic data about any attacks or attempted attacks.

Those same agents report back to a central management console, so that human defenders are made aware of similar threats and active campaigns levied against them. That information, and any actions taken by security personnel, is sent out to all other agents, along with instructions about how to handle similar threats that other agents might discover in the future.

[Image: SentinelOne menu. Credit: John Breeden II/IDG]

Setting up and controlling SentinelOne agents can be done from the management console, though every agent is fully independent, and even works when the device it’s protecting is disconnected from the network.

Agents deployed by SentinelOne work with multiple platforms, including Windows machines going back to Windows 7, or even Windows XP with a legacy agent. They also work with most versions of Windows Server, nearly every flavor of Linux, and the complete line of Mac systems going back to OS X El Capitan. Agents take up a few hundred megabytes of disk space on the client system and use less than one percent of the CPU on average. They can also be deployed into VDI environments or cloud instances.

Pricing for SentinelOne is a yearly fee based on the number of endpoints being protected by the program. It can be installed and managed locally, even on an air-gapped network, or managed through the cloud. There is also a software as a service (SaaS) option where the company will either help out existing security teams as needed, or can completely monitor and manage SentinelOne as part of the service.

Testing SentinelOne

Once the agents are in place, administrators need to configure them based on the environment and security tolerances, all of which is done from the management console. Agent policy is based on a hierarchy to avoid conflicts.
