Computer Help for Medium-size Companies

SentinelOne's Singularity product line is a subscription-based, cloud-centric cyberthreat management platform that includes computer learning software and professional services to provide comprehensive endpoint detection and response (Singularity Control and Complete) and managed detection and response (Singularity Complete with Vigilance MDR). SentinelOne's low-profile agents can be loaded in minutes to guard popular endpoints against modern cyberthreats such as ransomware, familiar and zero-day malware, trojan viruses, hacking tool sets, RAM exploits, malicious scripts, harmful macros, and living-off-the-land (LotL) abuse. SentinelOne agents are available for Windows, Apple macOS, Linux distributions, and Kubernetes powered endpoints. Supported deployment models include physical, virtual, VDI, customer and hybrid data centers, and cloud service providers. Because SentinelOne agents operate autonomously, they are able to provide advanced behavior-based security in real time even when endpoints are not interfaced to the cloud.

Progent is a SentinelOne Partner and reseller and oversees thousands of endpoints protected by SentinelOne technology. SentinelOne Singularity is always the initial endpoint response tool activated by Progent to gain control and visibility of a customer's network in the first stages of a ransomware recovery. SentinelOne Singularity is also the key technology powering Progent's Active Security Monitoring managed services. SentinelOne has been ranked as a top visionary in Gartner's 2022 Magic Quadrant for Endpoint Protection Platforms and scored the most correlated tactics and techniques in real-time during the gold-standard MITRE ATT&CK Phase 4 Evaluation. Gartner concludes, "This reaffirms its (SentinelOne's) ability to detect all attacks and provide full details of the techniques and tactics used." SentinelOne also outscored all competitors for each use case in Gartner's assessment of Critical Capabilities for Endpoint Protection Platforms (EPPs).

Singularity Bundles for SentinelOne Endpoint Detection and Response
SentinelOne's Singularity product line includes several tiers of endpoint security product bundles provided as a worldwide cloud-based solution that features high availability, hierarchical policy management by site and group, AI powered threat intelligence, fast recovery, and a data-driven console for cyberthreat analytics. Bundles consist of Control for enhanced management, Complete for automated root cause analysis, and Complete with Vigilance MDR for 24/7 advanced monitoring and response. The product tiers are additive. Control and Complete each have all the features and options of the tier beneath it. Subscription rates begins at $10 for each endpoint per month for small customers with significant discounts for bigger accounts. There is no minimum device count.

The SentinelOne Control Package
The SentinelOne Control Package is the base software and is 100% maintained by the client. For some examples: Endpoint agents need to be updated in the SentinelOne portal, allow rules need to be set, exclusions need to be made, blacklists should be created, threats must be responded to, and many other day-to-day activities that someone in your organization needs to manage and maintain. SentinelOne is just like any other security product in that it has frequent updates to keep its defenses current. Progent can assist with or directly handle these items, but there is additional time and materials billing for all services performed.

With the Control Package you manage your own portal and while Progent and SentinelOne personnel are monitoring and or receiving alerts of serious threats in your environment, we have no authorization to do any work in your environment and will only do best efforts to alert you in case of a serious threat.

Major Features of the SentinelOne Control Package include:

• Endpoint Prevention (EPP) to block a wide variety of malware, Trojans, hacking tools, and ransomware before they can start
• ActiveEDR Basic for Endpoint Detection and Response (EDR) works in real-time with or without cloud access. ActiveEDR identifies the latest malware, script misuse and other fileless attacks as they attempt to do compromise your network.
• ActiveEDR Recovery gets users back in business in minutes and features 100% repair as well as rollback for all non-legacy versions of MS Windows.
• Device Control for Policy-based control of all USB and Bluetooth devices (Win, Mac)
• Firewall Control for Policy-based control of network connectivity to and from assets, including location awareness (Win, Mac, Linux)
• Vulnerability Management, in addition to Application Inventory, for details of 3rd party apps that have known vulnerabilities mapped to the MITRE CVE cybersecurity database
• Full Secure Remote Shell support for direct endpoint connection by event responders and forensics team
• Autonomous SentinelOne agent Storyline Engine
• Combined Static AI and SentinelOne Cloud Intelligence file-based assault defense
• Behavior-based AI fileless attack detection
• Autonomous Threat, Remediation, and Rollback
• Quarantine device from system, Incident Analysis, Agent Anti-tamper, App inventory
• Rogue device discovery

• Co-Managed environment with Progent being sent alarms and notices of all threats in your environment. Customers are responsible for reacting to threats in their system and optional support time and material is available from Progent
• ActiveEDR Advanced adds visibility of all non-threatening data.
• ActiveEDR Advanced adds enterprise threat hunting. SentinelOne is differentiated by the the ease-of-use characterized by the active quality of the solution in autonomously reacting to attacks.
• Storyline technology for Automated Forensics and fast root cause analysis (RCA). All OS stories are automatically contextualized with SentinelOne’s patented TrueContext technology, simplifying analysts' laborious task of event correlation so they can arrive at root causes with reduced MTTR.
• Storyline Active Response (STAR) mitigates zero-day threats with customized detection and hunting rules.
• Deep visibility Storyline Pivot and Hunt by MITRE ATT&CK technique
• EDR Hunting Data storage from 14 days standard to one year optional
• Timelines, file fetch, file integrity monitoring, sandbox integrations
• Other response options are offered and customized to your needs. Includes an hour of training in key features and routine management of the SentinelOne portal. During this time, Progent will demonstrate the creation of Exclusions, Blocklists, Mitigation, Agent Updates, Notifications, Client Reports, Application Features, Activity Logs and UI configuration Alerts.

Complete with Vigilance Respond MDR Services
Vigilance Respond and Vigilance Respond Pro are optional MDR programs for subscribers to the Singularity Complete bundle. These bundles include digital forensics and full 24x7 incident response provided by Tier-1, Tier-2, and Tier-3 IT security experts. Vigilance Respond subscriptions include validation of threats, event prioritization and triage, false positive management and console cleanup, accelerated threat resolution, management reporting, SLAs, and escalation to the customer's cybersecurity team.

Vigilance MDR analysts classify detected threat notifications based on a threat-handling hierarchy ranging from Benign False Positive to Malicious Urgent. This ranking dictates how the analyst responds to the detected threat. There are five classes of threats and consequent responses. The majority of alerts require no a response by the client.

Benign Alert - False Positive
Vigilance takes care of the issue and updates the SentinelOne dashboard. For isolated False Positive alerts, no other responses or notifications are needed. For persistent False Positive alerts, Vigilance will escalate the issue to the client to offer or approve a proper exclusion or agent upgrade as required.

Malicious Alert - True Positive Non-Urgent, Potentially unwanted Program
Vigilance takes action to make sure the threat is blacklisted, resolved, and annotated. Usually, no alert will be transmitted to the customer unless the issue calls for follow up activity.

Malicious Alert - True Positive / No Action Needed
Vigilance takes proper actions including remediation to make sure the threat is isolated. After the analyst verifies the threat is eliminated, the analyst will send a confirmation alert to the client.

Malicious Alert - True Positive Non-Urgent / Action Needed
Vigilance takes proper actions including remediation to make sure the threat is isolated. Once the analyst verifies the threat is deleted, the analyst will transmit a verification alert to the customer. Subsequent activity like re-imaging may be called for in certain circumstances.

Malicious Alert - True Positive Urgent / Action Necessary
Vigilance may react aggressively in serious breach incidents including pursuing agent remediation actions and isolating compromised network endpoints to stall the attack and block further lateral movement and spread. The analyst will transmit a proactive alert apprising the customer of the situation and request immediate response.

In addition to including all the functions of SentinelOne Control and SentinelOne Complete, SentinelOne Complete with Vigilance MDR adds round-the-clock Monitoring with Near Real Time Threat Response, Remote Script Orchestration, and Ranger:

• Fully Co-Managed Solution with Progent receiving alerts and notifications of all threats and activities in your system and combined SOC response, providing 3 levels of 24x7x365 Detection and Response. All threats are neutralized and responded to in close to real-time. Further remediation alternatives following threat mitigation are available and tailored to meet your individual needs.
• Remote Script Orchestration enables enterprises to send scripts to one machine, several machines, or even millions of machines, to respond to current and future cyberattacks instantly. Security Teams can send tailored scripts or choose from a wide selection of tasks – ranging from incident response to forensics artifact collection and even IT administration. In combination with SentinelOne Storyline Active Response, analysts can save time with automated workflows that take incident response to the next level.
• Ranger provides unparalleled visibility into your system. Ranger is network-efficient by intelligently electing a small number of SentinelOne agents for each subnet to undertake network mapping activity. Selected "Rangers" passively listen for network broadcast data such as ARP, DHCP, and other network observances. Admins can customize active scan policies and specify multiple IP Protocols for machine learning including ICMP, SNMP, UDP, TCP, SMB, and more. Rangers correlate all learned information within the backend to characterize familiar and unknown devices. Ranger device inventories show what is attached to your system, where they are attached, and what protocols the devices listen on. Ranger enables you to discover and close SentinelOne Agent deployment oversights with Ranger Deploy, a peer-to-peer deployment (Windows, Mac, Linux). Ranger permits you to monitor how unknown devices communicate with managed hosts and isolate suspicious devices from managed devices with a click.

Download Progent's SentinelOne Singularity Packages Datasheets
Download datasheets describing Progent's SentinelOne Singularity products and services:

• Overview of Progent's SentinelOne Singularity Packages (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Control Package (PDF - 210 KB)
  

• Progent's SentinelOne Singularity Complete Package (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Complete with MDR Package (PDF - 223 KB)
  

The Progent Advantage
Progent's roster of more than 150 consultants includes certified experts in every facet of network technology related to small and mid-size organizations. With this scope of expertise, Progent can be your single point of contact for building and managing a comprehensive security solution that offers significant business value. In addition to the endpoint protection provided by SentinelOne products, Progent offers a catalog of managed services and specially-priced support packages created to assist small and mid-size businesses to design, implement, test, and administer networks that deliver enterprise-level cybersecurity and low total cost of ownership.

Progent has expertise in all the endpoint devices, servers and virtual machines that can be protected by SentinelOne products. Progent can provide services that include Windows 11 migration consulting, Windows 10 integration, Linux support, Mac OS X and macOS consulting, iPhone and iPad support, Android configuration, Windows Server 2022 migration expertise, Windows Server 2019 integration consulting, Hyper-V virtualization support, and VMware vSphere configuration consulting.

For fast rollback capability, Progent's Windows Server experts can help you to set up Windows Volume Shadow Copy Service (VSS). Progent can also provide remote and onsite support from certified Cisco CCIE consultants to assist you to design, defend or troubleshoot your network infrastructure. If your network relies on cloud resources, Progent can provide the support of Microsoft Azure experts, Amazon AWS consultants, and Google Cloud solutions experts.

Contact Progent about SentinelOne Sales and Configuration Services
To find out more about how Progent can help you to purchase or integrate SentinelOne endpoint security products, call 1-800-993-9400 or see Contact Progent.