Endpoint security firm SentinelOne challenges traditional anti-virus software

Next-generation endpoint protection vendor SentinelOne has received the same certification that many traditional antivirus platforms seek, meaning it can be considered suitable for meeting certain requirements of industry and governmental regulations.

The company's new endpoint protection platform, called EPP, has won an Approved Corporate Endpoint Protection seal of approval from AV-Test, a firm that evaluates and certifies a range of security products. The seal of approval means the product meets AV-Test standards, and those standards carry weight in determining whether corporate defenses comply with regulations.


"AV-Test is a good indicator of how an antimalware system will block threats," says Peter Firstbrook, an analyst with Gartner. "SentinelOne did very well considering they don't use any signatures, just behavior blocking. So yes I would say that it qualifies as a replacement for existing AV which is significant because very few other new antimalware solutions have taken this step (being tested) or would even claim to replace current AV solutions," Firstbrook said in an email.

He noted that while EPP could replace traditional anti-virus software, it is also compatible with such products, so businesses wouldn't have to rip out their current software.

SentinelOne faces a long list of competitors including Palo Alto Networks, Bit9+Carbon Black, FireEye, LightCyber and Tanium.

Unlike traditional anti-virus software, EPP does not rely on signature libraries to find known malware. Instead it uses the behavior of endpoints (what the company calls dynamic execution patterns) to determine whether an endpoint is being compromised. About 160 of those patterns catch the same amount of malware as millions of signatures, says SentinelOne CEO Tomer Weingarten.

In addition to catching malware, EPP can remediate infections by quarantining files, killing processes and returning endpoints to known good states, he says.

EPP performs passive scanning of endpoints, indexes files of interest and sends metadata about them to the cloud where they are given threat reputation scores. If the scores break policy thresholds, they can be deleted.
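To make the scan-index-score-enforce pipeline described above concrete, here is an added illustration written for this article; it is not SentinelOne's code and does not reflect how EPP is implemented. The "cloud" reputation service is a constructed in-memory table keyed by SHA-256, the sample files are constructed on the fly in a temporary directory, and the policy threshold, file-extension filter and unknown-hash score are all assumptions. Files that break the threshold are moved to a quarantine directory rather than deleted outright, so an analyst can review them, and every decision is appended to an event list that serves as the kind of flight-recorder history discussed later in the article.

```python
"""Sketch of a metadata-to-reputation endpoint pipeline (added example, not EPP code).

Flow: walk the endpoint -> index files of interest (path, SHA-256, size)
-> send only that metadata to a reputation service -> apply a policy threshold
-> quarantine and record an event. The reputation service here is a constructed
dictionary standing in for a cloud lookup.
"""
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 of a byte string; the hash is the only content-derived value sent upstream."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample contents; their hashes seed the constructed reputation table.
KNOWN_BAD = sha256_bytes(b"constructed-sample-malicious-payload")
KNOWN_GOOD = sha256_bytes(b"constructed-sample-benign-document")

# Constructed reputation table (stands in for the cloud service).
# Scores run 0-100; higher means the hash is more strongly associated with malware.
REPUTATION = {KNOWN_BAD: 95, KNOWN_GOOD: 2}


@dataclass
class FileRecord:
    path: str
    sha256: str
    size: int


def index_files(root, extensions=(".exe", ".dll", ".ps1", ".doc")):
    """Passive scan: collect metadata for files of interest under root (assumed extension list)."""
    records = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(extensions):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            records.append(FileRecord(full, sha256_bytes(data), len(data)))
    return records


def lookup_reputation(record, service=REPUTATION, unknown_score=50):
    """Score a file by hash; hashes the service has never seen get a neutral score (assumption)."""
    return service.get(record.sha256, unknown_score)


def apply_policy(records, quarantine_dir, threshold=80, service=REPUTATION):
    """Enforce the threshold (assumed value 80) and return the event history.

    Files at or above the threshold are moved to quarantine_dir instead of being
    deleted, keeping the sample available for review. Every decision, allow or
    quarantine, is recorded so an incident can later be reconstructed.
    """
    os.makedirs(quarantine_dir, exist_ok=True)
    events = []
    for rec in records:
        score = lookup_reputation(rec, service)
        action = "quarantine" if score >= threshold else "allow"
        if action == "quarantine":
            shutil.move(rec.path, os.path.join(quarantine_dir, os.path.basename(rec.path)))
        events.append({"path": rec.path, "sha256": rec.sha256, "size": rec.size,
                       "score": score, "action": action})
    return events


def demo():
    """Build a constructed endpoint in a temp dir, run the pipeline, return name -> action."""
    root = tempfile.mkdtemp()
    samples = {
        "invoice.doc": b"constructed-sample-benign-document",   # known good
        "update.exe": b"constructed-sample-malicious-payload",  # known bad
        "tool.dll": b"constructed-never-seen-before",           # unknown, scores neutral
        "notes.txt": b"not an indexed extension",               # ignored by the scan
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    events = apply_policy(index_files(root), os.path.join(root, "quarantine"))
    return {os.path.basename(e["path"]): e["action"] for e in events}


if __name__ == "__main__":
    for name, action in sorted(demo().items()):
        print(f"{name}: {action}")
```

Only the hash, size and path leave the endpoint in this sketch, which is the privacy and bandwidth trade-off a metadata-based design makes; the unknown-hash score is what decides whether never-seen files are tolerated, so it is the knob to revisit when tuning false positives against dwell time.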

"Think of this data like the black box on a plane," says Firstbrook. "If an incident does occur you have a full recording of its effect on the system and (hopefully) the company." Gartner calls this type of capability Endpoint Threat Detection and Remediation (EDR).

He says that the history feature makes EPP more complex than a typical anti-virus product, but it has a fairly simple dashboard for managing it. He notes that SentinelOne is a relatively new company, "so will likely have growing pains in support and services (like any startup), and although they did well in one AV-Test it doesn't mean they will continue to do well."

SentinelOne was founded in 2013 and has $15 million in funding from Tiger Global, Accel Partners and Data Collective, Weingarten says. Its founders are Weingarten and Almog Cohen, the former head of innovation at Check Point Software.


Tim Greene