Home > News > Top Stories > SentinelOne Launches RemoteOps Forensics for Faster Incident Response

Platform Security

SentinelOne Launches RemoteOps Forensics for Faster Incident Response

SentinelOne’s RemoteOps Forensics Improves Incident Response

SentinelOne, a global leader in autonomous cybersecurity, is addressing the pressing need for rapid and effective responses to the escalating wave of cyber breaches. Today, the company announced the launch of Singularity RemoteOps Forensics, a pioneering digital forensics product designed to streamline and accelerate incident response readiness. This innovative solution promises to empower organizations of all sizes, ushering in a new era of efficient and scalable investigation and response capabilities in the face of evolving cybersecurity challenges.

Integrated seamlessly with the SentinelOne Singularity Platform and as an add-on to Sentinel One's Endpoint and Cloud Workload Security solutions, RemoteOps Forensics offers a rapid, adaptable digital forensics and incident response solution. Security teams can leverage this tool to enhance efficiency by optimizing resources and accelerating Mean Time to Resolution. With the capability for targeted investigations on various assets, including endpoints and server workloads, it enables conditional trigger-based evidence collection. This automation efficiently gathers evidence, such as process data, ports, service listings, MFT, Amcache, JumpLists, and memory dumps, orchestrating them in under a minute. Consolidating evidence into the Singularity Security DataLake allows for the correlation of SentinelOne and partner data with forensics data in a unified search, facilitating a comprehensive view of attacks, rapid root cause identification, and risk mitigation.

Furthermore, it provides the ability to analyze collected evidence alongside Endpoint Detection and Response (EDR) data within a single console, empowering proactive defense against future threats. The integration and analysis of this combined data unveil concealed indicators of compromise, detect advanced attack patterns, and offer insights into threat actors' tactics, techniques, and procedures.

RemoteOps Forensics is a cost-effective and resource-efficient solution that seamlessly integrates with the SentinelOne agent. This integration alleviates the necessity of deploying and provisioning multiple tools throughout the investigative process, resulting in significant time and resource savings for organizations. In addition, this innovative solution prioritizes the maintenance of forensic integrity by minimizing changes made to the disk, and it leverages SentinelOne's anti-tampering and metadata collection capabilities to safeguard data integrity. In doing so, it streamlines investigations and upholds the highest standards of forensic rigor, reinforcing organizations' cybersecurity defenses with a comprehensive and efficient approach.

Jane Wong, Senior Vice President of Products and Strategy at SentinelOne, said,

As timelines for reporting and responding to breaches shrink, it is imperative that the security teams have advanced forensics capabilities that can make investigations faster and more efficient, and with Singularity RemoteOps Forensics, the team is delivering them.

[Source – Business Wire]

SentinelOne's new forensic capabilities help develop incident response by enabling security teams to conduct thorough investigations more quickly, Jane also mentioned eliminating the requirement for specialized expertise or additional tools.

About SentinelOne

SentinelOne is a leading provider of autonomous cybersecurity solutions. With its identified Singularity Platform, the company excels at detecting, preventing, and responding swiftly to cyber threats. SentinelOne enables businesses to protect their endpoints, cloud workloads, containers, and identities, as well as their mobile and network-connected devices, with unparalleled speed, accuracy, and ease of use. With a formidable clientele comprising over 11,000 customers, SentinelOne has proven itself as the trusted guardian of a secure digital future.

Spotlight

More featured news

Spotlight

Related News

Network Threat Detection

Juniper Networks Unveils the Industry’s First Distributed Security Services Architecture for Unmatched Scalability and Operational Simplicity

Business Wire | October 20, 2023

Juniper Networks (NYSE: JNPR), the leader in secure, AI-driven networks, today announced the expansion of its Connected Security portfolio with new products and capabilities that empower organizations to seamlessly extend security services and Zero Trust policies across distributed data center environments. The new Juniper Connected Security Distributed Services Architecture uniquely integrates Juniper’s unified security management paradigm with best-in-class routing and AI-Predictive Threat Prevention to bring much-needed operational simplicity and scale to data center security. In addition, four new high-performance firewall platforms deliver unmatched performance in a compact footprint that minimizes cost, space and power consumption. With the adoption of edge computing, multicloud, 5G and IoT, business data is increasingly distributed across geographically dispersed locations, making it harder to secure and manage. To adapt to this changing environment, organizations need a new modern data center architecture that delivers reliability through automated data center operations, scalable performance to support the most stringent workloads (e.g., AI model training) and comprehensive data security, regardless of where the data resides. The newest enhancements to Juniper’s Connected Security portfolio provide a secure bridge for customers to facilitate their transition to a modern data center, at their own pace. This is achieved via the following unique innovations: Juniper’s Connected Security Distributed Services Architecture: Juniper is the first in the industry to deliver an architecture design that fully decouples the forwarding and security services layers that have traditionally been combined in a single firewall appliance. By decoupling these layers, customers can utilize their existing Juniper MX series routers as an intelligent forwarding engine and load balancer. This unique design gives customers independent scaling flexibility without chassis limitations, multi-path resiliency and cost efficiency. When coupled with Juniper Security Director Cloud, the operational experience is as simple as managing one logical element, regardless of the quantities and form factors of any additional firewall engines added to the architecture. AI-Predictive Threat Prevention: Building on Juniper’s Adaptive Threat Profiling and Encrypted Traffic Insights, AI-Predictive Threat Prevention automatically generates custom signatures unique to the customer’s environment through a proxy-less architecture. Coupled with AI, customers gain even more effective malware prevention at line rate. Additionally, the enhanced URL filtering solution provides more granular control, with more than 200 categories to choose from and support for up to 200 languages, as well as a new portal for better insights on web content and easy recategorization. The AI-powered security solution enables customers and partners to predict and find real threats faster, leaving human experts to focus on more strategic security tasks. Four new best-in-class high-performance firewalls: The new Juniper Networks SRX firewalls (SRX1600, SRX2300, SRX4300, SRX4700) are 1RU in size, scale up to 1.4 Tbps and include built-in Zero Trust capabilities, delivering the industry’s highest firewall throughput performance per rack unit. The new platforms feature wire-speed MACsec along with natively embedded TPM 2.0 chips and cryptographically signed device IDs that allow security administrators and network operators to easily verify the trust posture of devices remotely and mitigate the risks of supply chain attacks. These new firewalls, like the whole SRX family, support industry-standard EVPN-VXLAN Type 5 integration, providing full fabric awareness to security operators and allowing them to respond to threats faster. When combined with Juniper’s Connected Security Distributed Services Architecture, these additions to the Juniper SRX series family offer customers even more options to build and expand their data center architectures securely and with sustainability objectives top of mind.

Read More

Software Security

IBM Announces New AI-Powered Threat Detection and Response Services

PR Newswire | October 06, 2023

IBM (NYSE: IBM) today unveiled the next evolution of its managed detection and response service offerings with new AI technologies, including the ability to automatically escalate or close up to 85% of alerts,1 helping to accelerate security response timelines for clients. The new Threat Detection and Response Services (TDR) provide 24x7 monitoring, investigation, and automated remediation of security alerts from all relevant technologies across client's hybrid cloud environments – including existing security tools and investments, as well as cloud, on-premise, and operational technologies (OT). The managed services are delivered by IBM Consulting's global team of security analysts via IBM's advanced security services platform, which applies multiple layers of AI and contextual threat intelligence from the company's vast global security network – helping automate away the noise while quickly escalating critical threats. Security teams today are not just outnumbered by attackers, but also by the number of vulnerabilities, alerts and security tools and systems they're tasked with managing on a day-to-day basis, said Chris McCurdy, General Manager, Worldwide IBM Consulting Cybersecurity Services. By combining advanced analytics and real-time threat intelligence with human expertise, IBM's new Threat Detection and Response Services can augment organization's security defenses with a capability that is scalable, continuously improving and strong enough for tomorrow's threats. Intelligently Adapting Threat Defenses The new TDR Services are underpinned by a set of AI-powered security technologies that support thousands of clients across the world, monitoring billions of potential security events per day. It leverages AI models that continuously learn from real-world client data, including security analyst responses, engineered to automatically close low priority and false positive alerts based on a client-defined confidence level. This capability also automatically escalates high risk alerts that require immediate action by security teams and provides investigation context. IBM's TDR Services are designed to provide: Crowdsourced detection rules, Optimized alerts. Leveraging real-time insights from IBM's threat management engagements, the new services use AI to continuously assess and auto-recommend the most effective detection rules – helping to improve alert quality, and speed response times. This capability helped reduce low-value SIEM alerts by 45% and auto escalate 79% more high-value alerts that required immediate attention2. Organizations can approve and update detection rules with just two clicks through its co-managed portal. MITRE ATT&CK assessment. To stay prepared for ransomware and wipe-out attacks, organizations will be able to see how their environment is covering MITRE ATT&CK framework tactics, techniques, and procedures as compared to their industry and geography peers. By applying AI, the new services are designed to reconcile the multiple detection tools and policies currently in place at an organization, providing an enterprise view into how to best detect threats and assess gaps to update within an ATT&CK framework. Seamless end-to-end integration. With its open API approach, the new services can quickly integrate with a client's enterprise-wide security assets, whether on premise or in the cloud. Organizations can continue to access their ecosystem while also having the option to connect and collaborate and define their own response playbooks through a co-managed portal. This provides a unified enterprise view, precise remediation capabilities, and consistently enforces security policies across IT & OT. 24x7 global support. Organizations will have access to more than 6,000 IBM Cybersecurity Services professionals across the globe 24/7 x 365 to help augment security programs. IBM Consulting Cybersecurity Services' vast global network serves more than 3,000 clients around the world – managing more than 2 million endpoints and 150 billion security events per day. "Security leaders today are trying to escape the vicious cycle of staff shortages, increased threats, and rising demands from the C-Suite to mature their cyber program without breaking the bank. For many organizations the old playbook of swapping out their tools for a vendor's preferred platform does not work, as they cannot afford to write off prior SOC investments," said Craig Robinson, IDC Research VP of Security Services. "A service like IBM's Threat Detection and Response offering can provide an off-ramp to these concerns, without requiring a full rip-and-replace of their prior security investments and help shift their human capital in the SOC to more of a proactive mode." To support continuous improvement for security operations capabilities, IBM's TDR Services, which are now available, include access to IBM's X- Force Incident Response Services along with the option to include additional proactive security services from IBM X-Force, such as penetration testing, adversary simulation or vulnerability management. X-Force will also provide guidance to help clients improve their security operations over time, based on the current threat landscape, clients' evolving IT environment, and insights gleaned from engagements with thousands of IBM Cybersecurity Services clients around the world.

Read More

Network Threat Detection

Fortinet Focuses on Business Growth to Drive Cybersecurity Innovation

Fortinet | November 06, 2023

Fortinet prioritizes secure networking, universal SASE, and security operations to expand globally and innovate in cybersecurity. Secure networking is estimated to reach $86 billion by 2027 and universal SASE $36 billion, aligning with the strategic change. Focusing on cybersecurity growth strengthens Fortinet's commitment to customer value and innovation. Fortinet, a global leader in cybersecurity, is focusing its business strategy on high-growth markets, emphasizing secure networking, universal secure access service edge (SASE), and security operations. This shift will drive innovation and reinforce its commitment to customers. Fortinet is reorganizing its research & development (R&D) and go-to-market (GTM) strategies around the three markets mentioned. They will develop integrated and advanced products to cater to these areas. Fortinet operates globally, serving hyperscale customers and promoting cybersecurity technologies. The three core markets Fortinet is concentrating on are secure networking, universal SASE, and security operations. These markets are expected to experience substantial growth, and Fortinet has a competitive advantage in them. This strategy aims to expand Fortinet's global business and provide value to its customers. The company is aligning with areas of high demand in the cybersecurity sector. Its current collection of organically developed and integrated products and services enjoys a notable competitive edge in the aforementioned three crucial markets: The market for secure networking is anticipated to reach $86 billion by 2027, expanding at a rate of nearly nine percent per year. 5G gateways, network firewalls, secure switches, and access points comprise the majority of its composition. With the expansion of its firewall business, Fortinet anticipates a corresponding increase in revenue for its FortiGuard Security Services, which are propelled by artificial intelligence (AI). Secure networking remains an integral component of Fortinet's strategy, given that it dominates both firewall revenues and units shipped in its greatest addressable market. Also, by 2027, the universal SASE market is anticipated to reach $36 billion, representing an annual expansion of nearly 20%. The system integrates various cloud-native networking and security technologies, including SD-WAN, secure web gateway (SWG), cloud access security broker (CASB), data loss prevention (DLP), zero-trust network access (ZTNA), SASE, and others. Its purpose is to streamline the process of implementing a zero-trust strategy. All functions of the SASE solution developed by Fortinet can be executed either in an appliance or in the cloud. This capability is facilitated by a unified management console, networking and security layer, and operating system. Recently, Fortinet was positioned in the inaugural Gartner Magic Quadrant for Single-Vendor SASE in 2023. Lastly, the security operations market is anticipated to reach $78 billion by 2027, expanding at slightly more than 14% per year. Fortinet's SecOps platform is the most comprehensive, integrated, and broad in the industry, enabling organizations to gain control and insight into their distributed operations through security orchestration, endpoint detection and response (EDR), automation and response (SOAR), security information and event management (SIEM), network detection and response (NDR), and additional integrated enterprise-grade cybersecurity technologies. Complementing Fortinet's R&D expenditures are strategic realignments in its GTM investments, concentrating on security operations, universal SASE, and secure networking. With the assistance of marketing support and training, sales will be structured in accordance with these three strategic areas in order to increase market penetration and consumer engagement.

Read More

Network Threat Detection

Juniper Networks Unveils the Industry’s First Distributed Security Services Architecture for Unmatched Scalability and Operational Simplicity

Business Wire | October 20, 2023

Juniper Networks (NYSE: JNPR), the leader in secure, AI-driven networks, today announced the expansion of its Connected Security portfolio with new products and capabilities that empower organizations to seamlessly extend security services and Zero Trust policies across distributed data center environments. The new Juniper Connected Security Distributed Services Architecture uniquely integrates Juniper’s unified security management paradigm with best-in-class routing and AI-Predictive Threat Prevention to bring much-needed operational simplicity and scale to data center security. In addition, four new high-performance firewall platforms deliver unmatched performance in a compact footprint that minimizes cost, space and power consumption. With the adoption of edge computing, multicloud, 5G and IoT, business data is increasingly distributed across geographically dispersed locations, making it harder to secure and manage. To adapt to this changing environment, organizations need a new modern data center architecture that delivers reliability through automated data center operations, scalable performance to support the most stringent workloads (e.g., AI model training) and comprehensive data security, regardless of where the data resides. The newest enhancements to Juniper’s Connected Security portfolio provide a secure bridge for customers to facilitate their transition to a modern data center, at their own pace. This is achieved via the following unique innovations: Juniper’s Connected Security Distributed Services Architecture: Juniper is the first in the industry to deliver an architecture design that fully decouples the forwarding and security services layers that have traditionally been combined in a single firewall appliance. By decoupling these layers, customers can utilize their existing Juniper MX series routers as an intelligent forwarding engine and load balancer. This unique design gives customers independent scaling flexibility without chassis limitations, multi-path resiliency and cost efficiency. When coupled with Juniper Security Director Cloud, the operational experience is as simple as managing one logical element, regardless of the quantities and form factors of any additional firewall engines added to the architecture. AI-Predictive Threat Prevention: Building on Juniper’s Adaptive Threat Profiling and Encrypted Traffic Insights, AI-Predictive Threat Prevention automatically generates custom signatures unique to the customer’s environment through a proxy-less architecture. Coupled with AI, customers gain even more effective malware prevention at line rate. Additionally, the enhanced URL filtering solution provides more granular control, with more than 200 categories to choose from and support for up to 200 languages, as well as a new portal for better insights on web content and easy recategorization. The AI-powered security solution enables customers and partners to predict and find real threats faster, leaving human experts to focus on more strategic security tasks. Four new best-in-class high-performance firewalls: The new Juniper Networks SRX firewalls (SRX1600, SRX2300, SRX4300, SRX4700) are 1RU in size, scale up to 1.4 Tbps and include built-in Zero Trust capabilities, delivering the industry’s highest firewall throughput performance per rack unit. The new platforms feature wire-speed MACsec along with natively embedded TPM 2.0 chips and cryptographically signed device IDs that allow security administrators and network operators to easily verify the trust posture of devices remotely and mitigate the risks of supply chain attacks. These new firewalls, like the whole SRX family, support industry-standard EVPN-VXLAN Type 5 integration, providing full fabric awareness to security operators and allowing them to respond to threats faster. When combined with Juniper’s Connected Security Distributed Services Architecture, these additions to the Juniper SRX series family offer customers even more options to build and expand their data center architectures securely and with sustainability objectives top of mind.

Read More

Software Security

IBM Announces New AI-Powered Threat Detection and Response Services

PR Newswire | October 06, 2023

IBM (NYSE: IBM) today unveiled the next evolution of its managed detection and response service offerings with new AI technologies, including the ability to automatically escalate or close up to 85% of alerts,1 helping to accelerate security response timelines for clients. The new Threat Detection and Response Services (TDR) provide 24x7 monitoring, investigation, and automated remediation of security alerts from all relevant technologies across client's hybrid cloud environments – including existing security tools and investments, as well as cloud, on-premise, and operational technologies (OT). The managed services are delivered by IBM Consulting's global team of security analysts via IBM's advanced security services platform, which applies multiple layers of AI and contextual threat intelligence from the company's vast global security network – helping automate away the noise while quickly escalating critical threats. Security teams today are not just outnumbered by attackers, but also by the number of vulnerabilities, alerts and security tools and systems they're tasked with managing on a day-to-day basis, said Chris McCurdy, General Manager, Worldwide IBM Consulting Cybersecurity Services. By combining advanced analytics and real-time threat intelligence with human expertise, IBM's new Threat Detection and Response Services can augment organization's security defenses with a capability that is scalable, continuously improving and strong enough for tomorrow's threats. Intelligently Adapting Threat Defenses The new TDR Services are underpinned by a set of AI-powered security technologies that support thousands of clients across the world, monitoring billions of potential security events per day. It leverages AI models that continuously learn from real-world client data, including security analyst responses, engineered to automatically close low priority and false positive alerts based on a client-defined confidence level. This capability also automatically escalates high risk alerts that require immediate action by security teams and provides investigation context. IBM's TDR Services are designed to provide: Crowdsourced detection rules, Optimized alerts. Leveraging real-time insights from IBM's threat management engagements, the new services use AI to continuously assess and auto-recommend the most effective detection rules – helping to improve alert quality, and speed response times. This capability helped reduce low-value SIEM alerts by 45% and auto escalate 79% more high-value alerts that required immediate attention2. Organizations can approve and update detection rules with just two clicks through its co-managed portal. MITRE ATT&CK assessment. To stay prepared for ransomware and wipe-out attacks, organizations will be able to see how their environment is covering MITRE ATT&CK framework tactics, techniques, and procedures as compared to their industry and geography peers. By applying AI, the new services are designed to reconcile the multiple detection tools and policies currently in place at an organization, providing an enterprise view into how to best detect threats and assess gaps to update within an ATT&CK framework. Seamless end-to-end integration. With its open API approach, the new services can quickly integrate with a client's enterprise-wide security assets, whether on premise or in the cloud. Organizations can continue to access their ecosystem while also having the option to connect and collaborate and define their own response playbooks through a co-managed portal. This provides a unified enterprise view, precise remediation capabilities, and consistently enforces security policies across IT & OT. 24x7 global support. Organizations will have access to more than 6,000 IBM Cybersecurity Services professionals across the globe 24/7 x 365 to help augment security programs. IBM Consulting Cybersecurity Services' vast global network serves more than 3,000 clients around the world – managing more than 2 million endpoints and 150 billion security events per day. "Security leaders today are trying to escape the vicious cycle of staff shortages, increased threats, and rising demands from the C-Suite to mature their cyber program without breaking the bank. For many organizations the old playbook of swapping out their tools for a vendor's preferred platform does not work, as they cannot afford to write off prior SOC investments," said Craig Robinson, IDC Research VP of Security Services. "A service like IBM's Threat Detection and Response offering can provide an off-ramp to these concerns, without requiring a full rip-and-replace of their prior security investments and help shift their human capital in the SOC to more of a proactive mode." To support continuous improvement for security operations capabilities, IBM's TDR Services, which are now available, include access to IBM's X- Force Incident Response Services along with the option to include additional proactive security services from IBM X-Force, such as penetration testing, adversary simulation or vulnerability management. X-Force will also provide guidance to help clients improve their security operations over time, based on the current threat landscape, clients' evolving IT environment, and insights gleaned from engagements with thousands of IBM Cybersecurity Services clients around the world.

Read More

Network Threat Detection

Fortinet Focuses on Business Growth to Drive Cybersecurity Innovation

Fortinet | November 06, 2023

Fortinet prioritizes secure networking, universal SASE, and security operations to expand globally and innovate in cybersecurity. Secure networking is estimated to reach $86 billion by 2027 and universal SASE $36 billion, aligning with the strategic change. Focusing on cybersecurity growth strengthens Fortinet's commitment to customer value and innovation. Fortinet, a global leader in cybersecurity, is focusing its business strategy on high-growth markets, emphasizing secure networking, universal secure access service edge (SASE), and security operations. This shift will drive innovation and reinforce its commitment to customers. Fortinet is reorganizing its research & development (R&D) and go-to-market (GTM) strategies around the three markets mentioned. They will develop integrated and advanced products to cater to these areas. Fortinet operates globally, serving hyperscale customers and promoting cybersecurity technologies. The three core markets Fortinet is concentrating on are secure networking, universal SASE, and security operations. These markets are expected to experience substantial growth, and Fortinet has a competitive advantage in them. This strategy aims to expand Fortinet's global business and provide value to its customers. The company is aligning with areas of high demand in the cybersecurity sector. Its current collection of organically developed and integrated products and services enjoys a notable competitive edge in the aforementioned three crucial markets: The market for secure networking is anticipated to reach $86 billion by 2027, expanding at a rate of nearly nine percent per year. 5G gateways, network firewalls, secure switches, and access points comprise the majority of its composition. With the expansion of its firewall business, Fortinet anticipates a corresponding increase in revenue for its FortiGuard Security Services, which are propelled by artificial intelligence (AI). Secure networking remains an integral component of Fortinet's strategy, given that it dominates both firewall revenues and units shipped in its greatest addressable market. Also, by 2027, the universal SASE market is anticipated to reach $36 billion, representing an annual expansion of nearly 20%. The system integrates various cloud-native networking and security technologies, including SD-WAN, secure web gateway (SWG), cloud access security broker (CASB), data loss prevention (DLP), zero-trust network access (ZTNA), SASE, and others. Its purpose is to streamline the process of implementing a zero-trust strategy. All functions of the SASE solution developed by Fortinet can be executed either in an appliance or in the cloud. This capability is facilitated by a unified management console, networking and security layer, and operating system. Recently, Fortinet was positioned in the inaugural Gartner Magic Quadrant for Single-Vendor SASE in 2023. Lastly, the security operations market is anticipated to reach $78 billion by 2027, expanding at slightly more than 14% per year. Fortinet's SecOps platform is the most comprehensive, integrated, and broad in the industry, enabling organizations to gain control and insight into their distributed operations through security orchestration, endpoint detection and response (EDR), automation and response (SOAR), security information and event management (SIEM), network detection and response (NDR), and additional integrated enterprise-grade cybersecurity technologies. Complementing Fortinet's R&D expenditures are strategic realignments in its GTM investments, concentrating on security operations, universal SASE, and secure networking. With the assistance of marketing support and training, sales will be structured in accordance with these three strategic areas in order to increase market penetration and consumer engagement.

Read More

More featured news