Building Blocks For Your XDR Journey, Part 1 | Extending Beyond the Endpoint

/0 Comments/in /by

A Guest Post by Mark Harris, former Senior Director Analyst at Gartner

In the cyber security industry, there is a never-ending cat-and-mouse game between adversaries who create new exploits and defenders who devise ways to stop them. As soon as a defender finds a way to stop one type of cyber attack, the adversaries create a new type of attack. As a result, cyber security is a never-ending cat-and-mouse game, with defenders always playing catch-up. New products and solutions are constantly emerging to address rising threats, while existing products adapt or merge with other solutions. The goal is to stay one step ahead of the attackers, but it’s an ongoing battle that is unlikely to ever be won definitively without an effective cybersecurity strategy.

This multi-part blog series provides an overview and guidance on how to develop a successful cybersecurity strategy for your organization. In Part 1, we focus on why organizations need to extend protection beyond the endpoint to stay ahead of adversaries.

The XDR Advantage

Endpoint Detection and Response (EDR) has quickly become an integral part of endpoint protection (EPP), but as attackers have got more sophisticated, detection and response has needed to evolve beyond just the endpoint; extended Detection and Response (XDR)  provides three key capabilities.

  1. Combine alerts from multiple security tools into a single incident to improve the efficiency and effectiveness of security teams. Reducing the gap in visibility and the time taken to investigate and triage incidents meaning incidents are contained more quickly.
  2. Correlate “weak” signals (low priority alerts) from multiple security sources to create new detections that may not be identified when those signals are in a silo or viewed in isolation.
  3. Automatically respond to threats detected across multiple products.

For example, a user trying to log in to a machine and failing may mean they’ve forgotten their password. But if multiple users try and fail, that could be an attacker. If a user then successfully logs in and starts running administration tools to download files or change configuration, then it’s a much stronger indication that an attacker is in the network.

Those multi-events and the subsequent detection should be presented as a single incident that needs investigation. The response also needs to be automatic and  could be to isolate the affected machine and force the user to re-authenticate.

Moving Beyond SIEM and SOAR

For many years the main tool for the security operations center (SOC) was Security Information Event Management (SIEM), but these tools were often more focused on log collection than correlation and relied on the SOC team expertise to manage and process the large volume of data and alerts. Any response would often need to be handled through a separate security orchestration, automation, and response (SOAR) tool.

These tools required dedicated, highly skilled teams to sift through the vast amount of information to try and identify incidents. More often than not, SIEM and SOAR are used post-incident to understand and remediate what happened rather than a detection and response capability.

EDR addressed a lot of the overhead of managing endpoint focused threats; collecting events and data in a central cloud-based infrastructure gave security teams the ability to hunt for threats across an entire organization, giving them visibility to reduce the time to detect a threat significantly. SentinelOne’s automation and remediation means threats can be quickly identified and resolved often with minimal effort allowing security teams more time to carry out these investigations.

In the case of managed service providers or SentinelOne’s own Vigilance service, that visibility is across all customers using the service.  Storyline™ not only provides security teams with curated automated correlation but also the ability to quickly and easily add new rules specific to their organization.

Protecting the Organization, Not Just the Device

Today, threat actors are not just targeting individual, single machines; they are targeting an organization as a whole. The first machine to be compromised is just the starting point. From that initial entry, the attacker can carry out further surveillance and move through the network to identify valuable data before stealing it. Whilst EDR tools are very effective, there only needs to be one weak link for the attacker to exploit.

Ensuring that endpoint protection and EDR are deployed on every single machine is one of the biggest challenges for IT operations teams. Although achieving that 100% deployment is rarely achievable for all but the smallest of organizations, tools like SentinelOne Ranger provide the visibility into the network to find any unmanaged or unauthorized devices.

XDR goes beyond just the endpoint and provides the integration and correlation of events and alerts across a wide range of security tools to improve visibility, reduce the time to detect even further and then respond quickly. The IBM data breach report estimates that deploying XDR can reduce the time to detect by a month.

What Do Vendors Mean By “XDR”?

While the need for XDR is clear, vendors don’t all agree on what the term means or how XDR solutions should be delivered. The term ‘XDR’ is perhaps one of the most overused terms in cybersecurity today.

There are a number of interpretations of how to deliver XDR.

  1. Single Vendor XDR – All the security tools are provided by a single vendor. There is limited integration with other tools, usually limited to just ingesting logs and alerts. Choosing a single vendor XDR solution is a complex, risky and expensive approach. Migrating security tools takes time, and existing licenses will have to be paid whilst the migration is done. There is also no guarantee that the solutions from a single vendor will meet an organization’s needs.
  2. SIEM XDR – Several of the SIEM vendors are combining traditional SIEM functionality with SOAR and claiming XDR, but these solutions don’t have automated threat detection capabilities.
  3. Managed XDR – Managed service providers can provide the capabilities of XDR by integrating multiple tools into their services. Although it may deliver on the outcomes, the service relies on the MSP SOC team and functionality.
  4. Open XDR Platform – Provides a platform that can integrate multiple products from different vendors and correlate those events. To be effective, the integration needs to be both ways, receiving alerts from a product but also being able to automatically send response actions. One of the key advantages of an OpenXDR platform is that rather than replacing existing solutions, they can be integrated into the platform, and the benefits of XDR are realized much sooner.

SentinelOne has built an open XDR  platform that provides a flexible and scalable solution. Singularity™ XDR integrates with both the broad range of SentinelOne products and services as well as with leading third party security providers such as Mimecast for Email security. It includes the automation, AI and ML capabilities to quickly get the benefits of XDR and provide a scalable, extensible platform to build upon.

Conclusion

XDR is the natural progression of EDR, moving beyond the endpoint to the rest of the security infrastructure, including identity and cloud security. XDR is a journey, and as threats evolve the XDR platform needs to be able to grow and adapt. XDR isn’t necessarily just selecting a solution, it’s choosing a strategy and a strategic partner. SentinelOne provides that vision and strategy to help organizations deliver on the promise of XDR and protect the whole organization.

If you would like to learn more about SentinelOne Singularity XDR platform, contact us for more information or request a free demo.

SentinelOne Singularity XDR
Supercharge. Fortify. Automate. Extend protection with unfettered visibility, proven protection, and unparalleled response. Discover the power of autonomous with Singularity XDR.

Learn More

About the Author

Mark Harris is a Cybersecurity advisor and former Senior Director Analyst at Gartner with over 25 years of experience. At Gartner Harris was the author of a variety of market shaping research for Endpoint Protection and EDR including the EPP Magic Quadrant and Critical Capabilities as well as Market Guides and research on ransomware and other threats.

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

/0 Comments/in /by

A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.

Some of the fake profiles flagged by the co-administrator of a popular sustainability group on LinkedIn.

Last week, KrebsOnSecurity examined a flood of inauthentic LinkedIn profiles all claiming Chief Information Security Officer (CISO) roles at various Fortune 500 companies, including Biogen, Chevron, ExxonMobil, and Hewlett Packard.

Since then, the response from LinkedIn users and readers has made clear that these phony profiles are showing up en masse for virtually all executive roles — but particularly for jobs and industries that are adjacent to recent global events and news trends.

Hamish Taylor runs the Sustainability Professionals group on LinkedIn, which has more than 300,000 members. Together with the group’s co-owner, Taylor said they’ve blocked more than 12,700 suspected fake profiles so far this year, including dozens of recent accounts that Taylor describes as “cynical attempts to exploit Humanitarian Relief and Crisis Relief experts.”

“We receive over 500 fake profile requests to join on a weekly basis,” Taylor said. “It’s hit like hell since about January of this year. Prior to that we did not get the swarms of fakes that we now experience.”

The opening slide for a plea by Taylor’s group to LinkedIn.

Taylor recently posted an entry on LinkedIn titled, “The Fake ID Crisis on LinkedIn,” which lampooned the “60 Least Wanted ‘Crisis Relief Experts’ — fake profiles that claimed to be experts in disaster recovery efforts in the wake of recent hurricanes. The images above and below show just one such swarm of profiles the group flagged as inauthentic. Virtually all of these profiles were removed from LinkedIn after KrebsOnSecurity tweeted about them last week.

Another “swarm” of LinkedIn bot accounts flagged by Taylor’s group.

Mark Miller is the owner of the DevOps group on LinkedIn, and says he deals with fake profiles on a daily basis — often hundreds per day. What Taylor called “swarms” of fake accounts Miller described instead as “waves” of incoming requests from phony accounts.

“When a bot tries to infiltrate the group, it does so in waves,” Miller said. “We’ll see 20-30 requests come in with the same type of information in the profiles.”

After screenshotting the waves of suspected fake profile requests, Miller started sending the images to LinkedIn’s abuse teams, which told him they would review his request but that he may never be notified of any action taken.

Some of the bot profiles identified by Mark Miller that were seeking access to his DevOps LinkedIn group. Miller said these profiles are all listed in the order they appeared.

Miller said that after months of complaining and sharing fake profile information with LinkedIn, the social media network appeared to do something which caused the volume of group membership requests from phony accounts to drop precipitously.

“I wrote our LinkedIn rep and said we were considering closing the group down the bots were so bad,” Miller said. “I said, ‘You guys should be doing something on the backend to block this.”

Jason Lathrop is vice president of technology and operations at ISOutsource, a Seattle-based consulting firm with roughly 100 employees. Like Miller, Lathrop’s experience in fighting bot profiles on LinkedIn suggests the social networking giant will eventually respond to complaints about inauthentic accounts. That is, if affected users complain loudly enough (posting about it publicly on LinkedIn seems to help).

Lathrop said that about two months ago his employer noticed waves of new followers, and identified more than 3,000 followers that all shared various elements, such as profile photos or text descriptions.

“Then I noticed that they all claim to work for us at some random title within the organization,” Lathrop said in an interview with KrebsOnSecurity. “When we complained to LinkedIn, they’d tell us these profiles didn’t violate their community guidelines. But like heck they don’t! These people don’t exist, and they’re claiming they work for us!”

Lathrop said that after his company’s third complaint, a LinkedIn representative responded by asking ISOutsource to send a spreadsheet listing every legitimate employee in the company, and their corresponding profile links.

Not long after that, the phony profiles that were not on the company’s list were deleted from LinkedIn. Lathrop said he’s still not sure how they’re going to handle getting new employees allowed into their company on LinkedIn going forward.

It remains unclear why LinkedIn has been flooded with so many fake profiles lately, or how the phony profile photos are sourced. Random testing of the profile photos shows they resemble but do not match other photos posted online. Several readers pointed out one likely source — the website thispersondoesnotexist.com, which makes using artificial intelligence to create unique headshots a point-and-click exercise.

Cybersecurity firm Mandiant (recently acquired by Googletold Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms.

Fake profiles also may be tied to so-called “pig butchering” scams, wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.

In addition, identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams.

But the Sustainability Group administrator Taylor said the bots he’s tracked strangely don’t respond to messages, nor do they appear to try to post content.

“Clearly they are not monitored,” Taylor assessed. “Or they’re just created and then left to fester.”

This experience was shared by the DevOp group admin Miller, who said he’s also tried baiting the phony profiles with messages referencing their fakeness. Miller says he’s worried someone is creating a massive social network of bots for some future attack in which the automated accounts may be used to amplify false information online, or at least muddle the truth.

“It’s almost like someone is setting up a huge bot network so that when there’s a big message that needs to go out they can just mass post with all these fake profiles,” Miller said.

In last week’s story on this topic, I suggested LinkedIn could take one simple step that would make it far easier for people to make informed decisions about whether to trust a given profile: Add a “created on” date for every profile. Twitter does this, and it’s enormously helpful for filtering out a great deal of noise and unwanted communications.

Many of our readers on Twitter said LinkedIn needs to give employers more tools — perhaps some kind of application programming interface (API) — that would allow them to quickly remove profiles that falsely claim to be employed at their organizations.

Another reader suggested LinkedIn also could experiment with offering something akin to Twitter’s verified mark to users who chose to validate that they can respond to email at the domain associated with their stated current employer.

In response to questions from KrebsOnSecurity, LinkedIn said it was considering the domain verification idea.

“This is an ongoing challenge and we’re constantly improving our systems to stop fakes before they come online,” LinkedIn said in a written statement. “We do stop the vast majority of fraudulent activity we detect in our community – around 96% of fake accounts and around 99.1% of spam and scams. We’re also exploring new ways to protect our members such as expanding email domain verification. Our community is all about authentic people having meaningful conversations and to always increase the legitimacy and quality of our community.”

In a story published Wednesday, Bloomberg noted that LinkedIn has largely so far avoided the scandals about bots that have plagued networks like Facebook and Twitter. But that shine is starting to come off, as more users are forced to waste more of their time fighting off inauthentic accounts.

“What’s clear is that LinkedIn’s cachet as being the social network for serious professionals makes it the perfect platform for lulling members into a false sense of security,” Bloomberg’s Tim Cuplan wrote. “Exacerbating the security risk is the vast amount of data that LinkedIn collates and publishes, and which underpins its whole business model but which lacks any robust verification mechanisms.”

Top 8 Defenses MSPs Can Take Against Cyberattacks

/0 Comments/in /by

From small to medium businesses to critical infrastructure entities, more organizations are relying on MSPs to monitor, manage, and safeguard their data. In May, the Five Eyes intelligence alliance published a joint cybersecurity advisory warning MSPs about their role in growing supply chain attacks. Cybersecurity authorities and law enforcement agencies from across the United States, United Kingdom, Canada, Australia, and New Zealand reported MSPs being the targets of increased cyber threats including supply chain attacks, ransomware, and nation-state cyber espionage campaigns.

MSP organizations make up a significant portion of the collective cyber defense industry. In this post, we outline key actions that MSPs should be taking to shore up their defenses to ensure they are keeping themselves, and by extension, their customers safe from increasingly advanced cyberattacks.

MSPs | A Springboard for Malicious Cyber Threats

Managed Service Providers (MSPs) got their start during the dot-com era of the late 1990s. What began as internet service providers (ISPs) offering their clients firewall appliances and the operative services to go along with them later kickstarted the concept of managed security services. With time, MSPs evolved to full security service providers supporting organizations globally. Small to medium sized organizations needing support to build up their cybersecurity posture have turned to MSPs for affordable, scalable solutions and expert protection.

Now, cybersecurity has become a necessity for businesses operating in today’s ever-changing landscape. Legacy solutions such as anti-virus and anti-malware can no longer stave off advanced threat actors who do not discriminate based on the size of a target. For many organizations, the task of building a strong cybersecurity defense with limited resources can be daunting. This is where MSPs have come in to support.

So what makes MSPs such an attractive target for modern threat actors? Advanced Persistent Threat (APT) groups have set their sights on MSPs’ provider-customer network access. Customers of MSPs depend on their providers to store their data, manage communication platforms, and support their IT infrastructure. Due to the access MSPs have to all of their customer’s networks, threat actors see MSP businesses as a single entry point to a variety of targets – not stopping their attack on the MSP’s customers, but oftentimes, attacking their customer’s customers, too.

The Inherent Risks of MSP’s Service Pillars

In general, MSPs provide continuous security monitoring and management services to the customers they serve. Most MSPs offer subscription-based service models allowing them to tailor the support to the specific needs of each customer. Many businesses choose to work with MSPs to augment the abilities of their own in-house IT teams, others seek support achieving 24/7/365 coverage, and many rely on access to cybersecurity experts to help them maintain and manage all aspects of a cyber ecosystem.

MSPs, at the core, provide the following cybersecurity-focused services:

  • Continuous Intrusion Detection & Response
  • Identity & Privilege Access Management
  • Firewall Management & Monitoring
  • Patch & Vulnerability Management
  • Virtual Private Network (VPN) Management
  • Risk Evaluation & Compliance Management
  • Cybersecurity Expertise & Education

To provide these services, MSPs require their customers to provide them with privileged access to networks and trusted connectivity. With this in mind, threat actors capitalize on vulnerable MSPs rather than trying to target each of an MSP’s customers directly. After a successful breach, threat actors may also conduct cyber espionage on the MSP and its customers to prepare for future activities such as ransomware attacks and double extortion.

The Nature of Supply Chain Attacks

Cybercriminals are often opportunistic and always looking for ways to reach lucrative targets using the path of least resistance. Attacks against MSP businesses are emerging as cybercriminals leverage MSP’s intimate level of access to customer networks as an initial access vector. When one vulnerable service provider is successfully breached, suddenly all their downstream customers are at immediate risk of attack. The cascading effect on multiple victim networks is the defining risk of a supply chain attack. With the promise of greater rewards for less work, supply chain attacks will continue to be popular with cybercriminals.

Supply chain attacks have become more prevalent and made headlines by targeting critical infrastructure sectors globally in the last few years. As an extension to President Biden’s Executive Order on improving U.S. cybersecurity, the White House recently issued guidance on strengthening cybersecurity protections specifically combating supply chain attacks. The Executive Order was followed by a directive released by the National Institute of Standards and Technology (NIST) which outlines major security controls and practices for MSP adoption.

Key Defenses to Expect from MSP Businesses

With supply chain risks expected to continue, businesses turning to MSPs must ensure their providers put strategic safeguards in place to reduce these risks. MSPs are contractually obligated to ensure that their security architecture, governance, and capabilities are up to industry standards and need to regularly re-evaluate their cybersecurity strategy and processes to make sure they can meet recommended cybersecurity measures and controls.

1. Preventing Initial Compromise & Targeted Attacks

An MSP’s first step to preventing compromise is to harden vulnerable devices and remote access tools such as VPNs (virtual private networks). Vulnerability scanning is integral to this prevention as it helps MSPs protect their data as they continue to use their day-to-day software and web-facing applications. Targeted attacks such as password spraying, brute force attacks, and phishing campaigns can also be mitigated when MSPs shore up their internet-facing remote desktop (RDP) services.

2. Promoting Holistic Cyber Hygiene

MSPs should operate on cyber hygiene best practices to ensure the longevity of their operations. This means keeping internal tools and software up to date. Patching should be completed in a timely manner especially for firewall and VPN appliances.

MSPs should also establish app-based MFA for all devices and remote monitoring and management (RMM) tools and monitor often for failed login attempts – a typical sign of malicious activity.

Additionally, both the MSP and their customers should practice strict password management to ward off any malicious attempts at credential stuffing. Password management may include requirements for complexity, rotation, and expiration cycles.

3. Implementing a Zero Trust Model

The purpose of the zero trust model is to minimize the exposure of a network’s most sensitive data to unnecessary access. Each user is only given the level of access they require to perform their tasks. First, zero trust architecture requires all users and machines to authenticate before need-to-know permissions can be granted. Second, zero trust involves segmenting a network to isolate each part from the rest, making the entire network secure against threat actors attempting to spread laterally across systems.

4. Executing Proper Offboarding Procedures

IT offboarding entails the removal of obsolete accounts, instances, and tools should they no longer be required by a business. Accounts with shared passwords must be deleted, and in the case of employee transition, their user accounts will also need to be revoked. Port scanning tools and automated system inventories can help with the offboarding process as businesses perform regular audits on their network infrastructure.

5. Managing Regular Backups

Both MSPs and their customers should make sure they have redundant backup copies of all essential data and infrastructure such that the system or any part of it can be restored in the event of failure, loss or compromise. Backups should be stored remotely, either in the cloud or on a dedicated physical server. Best practices recommend both.

It is vital that backups are on separate systems, are encrypted, and frequently reviewed for anomalous access and data integrity. It’s also important to ensure that the backup policy is documented and that backups are made on a regular schedule.

As ransomware attacks evolve, many threat actors are exfiltrating their victim’s sensitive data in addition to encrypting it, ensuring they have additional leverage to collect the ransom demanded. This type of ransomware attack tactic is called double extortion and leaves the targeted MSP or client with the risk of having the stolen data published.

Triple extortion ransomware adds another element to the frenzy with the attackers directly approaching a victim’s clients or suppliers and demanding ransom from them as well. Their threat? Publication of their sensitive information and, increasingly, the launch of a Distributed-Denial-of-Service (DDoS) attack.

While backups are no longer enough to thwart ransomware attacks that exfiltrate and threaten to leak data, having regular backups means that businesses that have been hit by such attacks can still access data, carry out emergency communication processes, and implement their incident response plan, including resuming affected services.

6. Improving Internet of Things (IoT) Security

While the IoT industry has boomed in the past decade with internet and cloud-connected devices, the integration of smart devices to the workplace, and even smart vehicles and buildings, represents another risk factor. IoT devices suffer from a number of security issues, including known default passwords, outdated or vulnerable firmware, and public internet-facing ports. Further, IoT devices are often left unprotected as their restricted hardware resources are unsuitable for running endpoint security solutions. These extensions of a network could each become a potential access point for a threat actor to exploit. MSPs and their customers should ensure they implement network asset discovery to gain visibility into connected IoT devices and block those that are unauthorized.

7. Planning for Incident Response & Recovery

Having a clear, actionable plan in place in the case of a security event can determine how effectively a business responds to and recovers from cyber attack. Incident responses (IR) plans are crucial for building up cyber resilience and can help businesses identify the people, processes, and technologies that need to be bolstered. Plans should be practiced on a scheduled basis and updated often to ensure it is up to speed with current business requirements and newly-identified cyber attack trends.

8. Establishing 24/7 Autonomous Detection & Response

As threat actors continue to evolve and upgrade their methods of attack, MSPs need to establish an effective response strategy. In case of a security event, having a fast response time could mean the difference between breach and business continuity. MSPs often augment their in-house team with a robust detection and response solution to ensure the most efficient response time possible to protect their customers.

Conclusion

With the cyber threat landscape always in a state of flux and threat actors using increasingly sophisticated methods of attack, MSPs offer affordable and scalable protection to fit the needs of their customers. MSPs that base their security services on robust solutions such as XDR are able to prevent, detect, and respond to advanced persistent threats across their customer’s entire attack surface.

To effectively serve all its customers, MSPs globally have turned to SentinelOne’s Singularity™ Platform, allowing them to proactively resolve modern threats at machine speed. Learn how SentinelOne works with best-in-class security service providers to more effectively manage risk across user identities, endpoints, cloud workloads, IoT, and more.

SentinelOne Singularity XDR
Supercharge. Fortify. Automate. Extend protection with unfettered visibility, proven protection, and unparalleled response. Discover the power of autonomous with Singularity XDR.

Learn More

S Ventures Invests in Noetic Cyber for Complete Visibility and Control of Your Security Posture 

/0 Comments/in /by

The complexity of enterprise infrastructure continues to evolve as digital transformation and hybrid work introduces new types of assets and data across cloud and ephemeral resources, traditional on-premises infrastructure, and IoT. This growing technology sprawl increases the attack surface security teams need to manage, while making it more challenging to achieve the visibility to do so.

Making it achievable for organizations to manage and reduce the growing attack surface is at the heart of our mission at SentinelOne; through Singularity XDR, we created an open architecture to unify detection and response across the enterprise through a single data ingestion and analytics platform.

That is why S Ventures is excited about our investment in Noetic Cyber, a leading Continuous Cyber Asset Management & Controls Platform and the latest addition to our growing portfolio of security and data innovators. Led by a strong team of operators and repeat entrepreneurs, Noetic shares our philosophy of solving for visibility and the growing attack surface. Noetic empowers security teams with a proactive, continuous assessment and improvement of their cyber posture.

Noetic Cyber CEO & Co-founder Paul Ayers has previously said of the S Ventures investment:

“Together with S Ventures and Singularity XDR, we’re empowering security teams with critical insights and asset intelligence to help them better manage their attack surface and reduce cyber risk.”

Operating in the emerging Cyber Asset Attack Surface Management (CAASM) space, the Noetic platform provides customers with an end-to-end platform to manage cyber risk.

“Noetic Cyber offers a novel approach to the cyber posture problem, enabling customers to truly understand their IT and Cloud estate and control for drifts.”  -Mike Petronacci, VP Product Platform, SentinelOne

The Noetic Cyber platform discovers and correlates assets across cloud and on-prem, understands the relationship and context of assets, delivers insight into the security risk that they represent, and provides an easy way to identify and close coverage gaps in the cyber posture of an enterprise. As investors, we were impressed with Noetic’s strong platform capabilities and coverage for the modern tech stack.

“Noetic Cyber is differentiated across its graph-based map of cloud and on-prem assets and entities, extensible query interface, and robust orchestration layer.”  -Matan Mates, Innovation Lead, SentinelOne

S Ventures is on a mission to invest in category-defining security and data companies, and we believe Noetic Cyber is doing just that for CAASM, the Cyber Asset Attack Surface Management market. This new approach to asset visibility and security posture is an important part of SentinelOne’s vision for a more secure future.

We undertook an in-depth analysis of the CAASM market before choosing to invest, and Noetic Cyber emerged as the ideal partner. We announced our integration with Noetic earlier in the year, through which our combined offerings provide customers with attack surface visibility, detection, and response from Singularity XDR with the automated asset management capabilities of Noetic Cyber (you can read more about the integration here).

With the S Ventures investment and Singularity XDR partnership with Noetic Cyber, we can provide security teams around the world with complete security visibility across XDR and CAASM.