Best-of-Breed Identity Threat Detection and Response Meets Best-of-Breed XDR
These are exciting times for SentinelOne and the Singularity XDR platform. Attivo is a highly differentiated Identity Security platform serving over 300 global enterprises. With the acquisition of Attivo, we are gaining an immensely valuable set of Identity Security capabilities in aid of the core foundations of our XDR Strategy: visibility, detection and protection.
In this post, we will look at how Identity Security will merge seamlessly into the Singularity platform, the benefits it will bring, and the power it will offer our customers as part of a single, unified platform for XDR.
ITDR (Identity Threat Detection and Response) As A Natural Extension to XDR
The Singularity platform offers a unique balance of speed, scale and simplicity for solving detection and response problems across every security surface – Endpoint, Cloud, Mobile, IoT, Network, Storage and now Identity. Our platform ingests and processes just under 1.5 trillion events per day, offering faster queries, longer data retention periods and more automated workflows than any other single platform. As we have spoken about before, Singularity is both a Native and an Open XDR platform. This is why, within a single month, you see us launch multiple open XDR partnerships alongside the recent introduction of native Identity coverage with the addition of Attivo into the fold of Singularity.
We have been closely monitoring the Identity space from multiple angles in the past year – from being a critical surface in its own right to its impact on Zero Trust strategies and naturally also on XDR. We identified several key areas in which our platform could evolve and Attivo’s portfolio of solutions matched that need. The fact that the Attivo team, led by Tushar, Venu and Srikant, looks at the landscape in such a similar way made this a perfect fit.
Attivo | A Market Leading Identity Platform
In the past 24 months, Attivo have evolved their own platform to address the key challenges of Identity Threat Detection and Response. Much like the paradigm shift that EDR brought to the Endpoint space, Attivo have managed to make a significant impact on the security of their customers by addressing key workflows relating to the creation of visibility, protection and remediation of Identity-based risks on Devices, Domain Controllers, Active Directory and the Network.
Attivo have delivered a market leading Identity platform addressing three main customer needs:
- Identity Threat Detection and Response
- Identity Infrastructure Assessment
- Identity Deception and Insider Threat Protection
The entire portfolio will be holistically integrated into the Singularity XDR platform.
Thanks to the open nature of Singularity, we are able to rapidly deliver multiple layers of XDR synergies with Attivo’s offerings – ranging from the Ingestion of Critical Identity data to Contextualised Threats and the exposure of new Remediation Actions. Our ability to integrate with such ease is based on various existing platform components – from the underlying XDR Data platform to AI and Automation elements such as Storyline and Singularity Marketplace. Delivering a unified experience is a significant element of our strategy – this means that we will look to introduce integration points between Attivo and multiple other Singularity products such as Remote Script Orchestration and Ranger.
How Customers Will Benefit From Attivo Integration With Singularity XDR
Here are some examples of upcoming improvements to the Singularity XDR platform thanks to the merging of SentinelOne and Attivo that will be available for our customers and partners soon.
- Enhanced Identity and Credential protection thanks to the combined research and detection efforts – for both Endpoints and Domain Controllers.
The Attivo platform delivers market leading coverage of the newly announced MITRE Engage framework, which alongside SentinelOne’s proven MITRE ATT&CK leadership offers our customers maximal alignment to the critical mappings MITRE has created. Furthermore, Attivo also brings valuable additions to our existing Endpoint Protection capabilities such as Credential Theft, Lateral Movement and Privilege Escalation.
- Expansion of our Attack Surface Management and Environment Hardening utilising the synergies between Ranger and Attivo’s Risk Management offering – now covering Endpoint, Network, IoT AND Active Directory.
Since its introduction, Singularity Ranger has evolved from an IoT solution to a complete Attack Surface Reduction product, creating visibility into unmanaged devices and network mapping and improving vulnerability and application management. Combined with AD Assessor, Ranger will expand its coverage to address significant Zero Trust needs. Attivo offers continuous, real-time monitoring and analysis of Identity risk and vulnerability based on Active Directory Analysis. Our customers can now analyse risk but also remediate vulnerable Desktops, Servers, Workflows, Domain Controllers, Active Directories and User Accounts – all from one platform.
- Increased Identity context based on a combination of SentinelOne and Attivo’s existing visibility and the combined tech-partnership strategy of both vendors, facilitating faster Triage and Root Cause Analysis.
Moving forward, we’ll be adding significant enhancements to the already robust context that is part of every SentinelOne alert. Identity-centric insight such as information about users, their accounts, entitlements, authentication techniques and more will all help provide an even more actionable and insightful triage and investigation process.
- More effective Incident Response.
SentinelOne’s arsenal of response capabilities, ranging from rollback to scaled peer-to-peer deployment and cross-platform script orchestration, will be integrated with Attivo to expand the types of response alongside enabling the seamless utilisation of all capabilities regardless of which platform component is being used. In the near future, we’ll be introducing several Identity-centric response workflows focusing on delivering Secure Access to achieve Zero Trust initiatives.
Parting Thoughts
The above is just a taste of what we’ll be working on. We now also have the benefit of delivering on a shared roadmap, with multiple exciting Singularity XDR – Identity products and features just around the corner.
We are 100% committed to offering a single, unified platform for XDR. Unlike other vendors, who in recent times have acquired or introduced new technologies without actually integrating them in a sustainable way – we already have a crystal clear path for integration of the two platforms and it’s already started.
Best-of-Breed Identity Detection and Response meets Best-of-Breed XDR – the sky’s the limit.
If you would like to learn more about how SentinelOne Singularity XDR can protect your organization, contact us or request a free demo.