Network Help for Midsize Businesses

SentinelOne's Singularity product family is a subscription-based, cloud-centric threat management platform that includes AI software and expert services to deliver comprehensive endpoint detection and response (Singularity Control and Complete) and managed detection and response (Singularity Complete with Vigilance MDR). SentinelOne's low-profile agents can be installed in a few minutes to defend endpoints against modern cyberthreats such as ransomware, familiar and zero-day malware, trojans, hacking toolkits, RAM exploits, malicious scripts, harmful macros, and living-off-the-land (LotL) attacks. Singularity software agents are available for Windows, macOS, Linux, and Kubernetes powered endpoints. Compatible deployment models include physical, virtual, VDI, customer and hybrid data centers, and cloud service providers. Since SentinelOne software agents operate autonomously, they are able to deliver advanced behavior-based security in real time even when endpoints are not interfaced to the cloud.

Progent is a SentinelOne Partner and dealer and manages thousands of endpoints secured by SentinelOne Singularity technology. SentinelOne Singularity is invariably the first incident response software deployed by Progent to gain control and visibility of a client's network in the first stages of a ransomware breach. SentinelOne is also the key EDR software powering Progent's Active Security Monitoring managed services. SentinelOne was recognized as a top visionary in Gartner's 2022 Magic Quadrant for Endpoint Protection Platforms and scored the most analytic detections in real-time with zero delays during the gold-standard MITRE ATT&CK Phase 4 Evaluation. According to Gartner's assessment, "This reaffirms its (SentinelOne's) ability to detect all attacks and provide full details of the techniques and tactics used." SentinelOne also outscored all competitors for every use case in Gartner's evaluation of Critical Capabilities for Endpoint Protection Platforms (EPPs).

Singularity Packages for SentinelOne Endpoint Detection and Response
SentinelOne's Singularity family includes several levels of endpoint protection product packages provided as a global SaaS solution that delivers high availability, hierarchical policy management by site and group, AI powered threat intelligence, rapid restoration, and a data-driven console for security analytics. Bundles consist of Control for enhanced management, Complete for smart root cause analysis, and Complete with Vigilance MDR for 24/7 advanced monitoring and response. The product tiers are additive. Control and Complete each include all the features and options of the level beneath it. Subscription rates begins at $10 for each endpoint per month for smaller customers with appropriate discounts for larger deployments. There is no minimum endpoint count.

The SentinelOne Control Package
The SentinelOne Control Package is the base software and is 100% maintained by the client. For some examples: Endpoint agents need to be updated in the SentinelOne portal, allow rules need to be set, exclusions need to be made, blacklists should be created, threats must be responded to, and many other day-to-day activities that someone in your organization needs to manage and maintain. SentinelOne is just like any other security product in that it has frequent updates to keep its defenses current. Progent can assist with or directly handle these items, but there is additional time and materials billing for all services performed.

With the Control Package you manage your own portal and while Progent and SentinelOne personnel are monitoring and or receiving alerts of serious threats in your environment, we have no authorization to do any work in your environment and will only do best efforts to alert you in case of a serious threat.

Major Features of the SentinelOne Control Package include:

• Endpoint Prevention (EPP) to stop a broad range of malware, Trojans, hacking tools, and ransomware before they start
• ActiveEDR Basic for Endpoint Detection and Response (EDR) operates in real-time with or without cloud access. ActiveEDR identifies the latest malware, script misuse and other fileless attacks as they try to do damage.
• ActiveEDR Recovery gets users up and running quickly and includes full repair as well as rollback for all non-legacy versions of Microsoft Windows.
• Device Control for Policy-based control of all USB and Bluetooth devices (Win, Mac)
• Firewall Control for Policy-based control of network connectivity to and from assets, including location awareness (Win, Mac, Linux)
• Security Vulnerability Management, in addition to Application Inventory, for details of 3rd party applications that have known vulnerabilities mapped to the MITRE CVE cybersecurity database
• Secure Remote Shell support for direct endpoint access by event responders and forensics personnel
• Autonomous SentinelOne agent Storyline Engine
• Combined Static AI and SentinelOne Cloud Intelligence file-based assault prevention
• Behavioral AI fileless attack detection
• Autonomous Threat, Remediation, and Rollback Response
• Quarantine device from system, Incident Analysis, Agent Anti-tamper, Application inventory
• Rogue device discovery

• Co-Managed environment with Progent receiving alarms and notices of all activities in your environment. Clients are responsible for reacting to threats in their environment and optional support time and material is available from Progent's security experts
• ActiveEDR Advanced provides visibility of all non-threatening data.
• ActiveEDR Advanced provides high-level threat hunting. SentinelOne is differentiated by the the ease-of-use personified by the active nature of the solution in autonomously reacting to threats.
• Storyline technology for Automated Forensics and quick root cause analysis. All OS storylines are automatically contextualized with SentinelOne’s patented TrueContext function, simplifying analysts' laborious task of event correlation before they can arrive at root causes with reduced MTTR.
• Storyline Active Response (STAR) mitigates zero-day threats with customized detection and hunting rules.
• Deep visibility Storyline Pivot and Hunt technology by MITRE ATT&CK technique
• EDR Hunting Data storage ranging from 14 days standard to 365 days optional
• Timelines, file fetch, file integrity monitoring, sandbox integrations
• Other response options are available and customized to your needs. Includes one hour of training in key features and day-to-day management of the SentinelOne portal. During this time, Progent will train in the creation of Exclusions, Blocklists, Mitigation, Agent Updates, Notifications, Client Reports, Application Features, Activity Logs and UI configuration Alerts.

Complete with Vigilance Respond Managed Detection and Response (MDR) Services
Vigilance Respond and Vigilance Respond Pro are optional Managed Detection and Response services for subscribers to the Singularity Complete bundle. These bundles include digital forensics and full 24x7x365 incident response delivered by Tier-1, Tier-2, and Tier-3 IT security experts. Vigilance Respond services include validation of threats, event prioritization, false positive management and dashboard cleanup, proactive threat deactivation, management reporting, SLAs, and escalation back to the customer's cybersecurity organization.

Vigilance MDR analysts classify detected threat notifications according to a hierarchy going from Benign False Positive to Urgent True Positive. This ranking dictates how the analyst handles the threat. There are five categories of threats and consequent responses. The majority of alerts do not require action by the customer.

Benign Alert - False Positive
Vigilance takes care of the issue and updates the SentinelOne console. For single False Positive alerts, no additional actions or notifications are required. For repeated False Positive alerts, Vigilance will escalate the issue to the client to offer or approve an appropriate exclusion or agent update as required.

Malicious Alert - True Positive Non-Urgent, Potentially unwanted Program
Vigilance takes action to ensure the threat is blacklisted, resolved, and annotated. Usually, no alert will be sent to the client unless the issue requires additional work.

Malicious Alert - True Positive / No Action Needed
Vigilance performs appropriate actions including remediation to ensure the threat is isolated. Once the analyst confirms the threat is eliminated, the analyst will transmit a verification notice to the customer.

Malicious Alert - True Positive Non-Urgent / Action Needed
Vigilance performs proper actions including remediation to make sure the threat is isolated. Once the analyst confirms the threat is deleted, the analyst will send a confirmation alert to the client. Follow-up procedures such as re-imaging may be necessary in some cases.

Malicious Alert - True Positive Urgent / Action Necessary
Vigilance may react strongly in serious breach incidents including pursuing agent remediation actions and disconnecting affected network endpoints to stall the attack and block additional lateral movement and spread. The analyst will send an urgent alert apprising the customer of the issue and ask for immediate response.

In addition to providing all the features of SentinelOne Control and SentinelOne Complete, SentinelOne Complete with Vigilance MDR adds round-the-clock Monitoring with Immediate Threat Response, Remote Script Orchestration, and Ranger:

• Co-Managed Solution with Progent receiving alerts and notifications of all threats and activities in your system and combined SOC response, offering 3 levels of 24x7x365 Detection and Response. All threats are mitigated and responded to in near real-time. Additional remediation alternatives following threat mitigation are offered and customized to meet your individual requirements.
• Remote Script Orchestration enables enterprises to send scripts to a single machine, several machines, or even millions of machines, to respond to present and future cyberattacks instantly. Security Teams can dispatch custom scripts or choose from a broad selection of tasks – ranging from incident response to forensics artifact collection and even IT administration. In conjunction with SentinelOne Storyline Active Response (STAR), analysts can save time with automated workflows that take incident response to a higher level.
• Ranger allows unparalleled visibility into your system. Ranger is network-efficient by intelligently designating a few SentinelOne agents for each subnet to undertake network mapping activity. Selected "Rangers" passively track network broadcast data including ARP, DHCP, and other network observances. Admins can modify active scan policies and select multiple IP Protocols for machine learning including ICMP, SNMP, UDP, TCP, SMB, and others. Rangers correlate all collected information within the backend to fingerprint known and unknown devices. Ranger device inventories show what is connected to your system, where they are connected, and which protocols the devices listen on. Ranger allows you to discover and eliminate SentinelOne Agent deployment gaps using Ranger Deploy, a peer-to-peer deployment (Windows, Mac, Linux). Ranger allows you to determine how unknown devices communicate with managed hosts and isolate suspicious devices from managed devices with a click.

Download Progent's SentinelOne Singularity Packages Datasheets
Download datasheets describing Progent's SentinelOne Singularity products and services:

• Overview of Progent's SentinelOne Singularity Packages (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Control Package (PDF - 210 KB)
  

• Progent's SentinelOne Singularity Complete Package (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Complete with MDR Package (PDF - 223 KB)
  

The Progent Advantage
Progent's roster of more than 150 consultants includes certified experts in every facet of information technology associated with small and mid-size businesses. With this scope of knowledge, Progent can be your single point of contact for integrating a comprehensive security solution that delivers immediate business value. In addition to the endpoint protection available from SentinelOne products, Progent offers a catalog of managed services and specially-priced IT support packages designed to assist small and mid-size businesses to plan, implement, test, and manage networks that deliver enterprise-level security and low TCO.

Progent offers in-depth experience with all the endpoint devices, servers and virtual machines that can be secured by SentinelOne products. Progent offers services that include Windows 11 migration expertise, Windows 10 management, Linux integration, Mac OS X and macOS support, iPhone and iPad consulting, Android consulting, Windows Server 2022 integration expertise, Windows Server 2019 migration expertise, Hyper-V virtualization consulting, and VMware vSphere support consulting.

For single-click or manual rollback capability, Progent's Windows Server consultants can assist you to configure Windows Volume Shadow Copy Service (VSS). Progent also offers online and onsite access to certified Cisco CCIE experts to assist you to plan, defend or optimize your infrastructure. If your network incorporates cloud resources, Progent offers the support of Microsoft Azure experts, Amazon AWS consultants, and Google Cloud integration experts.

Contact Progent about SentinelOne Sales and Configuration Services
To learn more about how Progent can help you to purchase or integrate SentinelOne products, call 1-800-993-9400 or visit Contact Progent.