Network Support for Small and Mid-size Businesses

SentinelOne's Singularity product family is a subscription-based, cloud-centered cyberthreat management stack that features computer learning software and expert services to provide comprehensive endpoint detection and response (Singularity Control and Complete) and managed detection and response (Singularity Complete with Vigilance MDR). SentinelOne's low-profile software agents can be installed in a few minutes to protect endpoints against increasingly sophisticated cyberthreats such as ransomware, familiar and zero-day malware, trojans, hacking toolkits, RAM exploits, script misuse, harmful macros, and living-off-the-land (LotL) abuse. Singularity software agents are offered for Microsoft Windows, macOS, Linux distributions, and Kubernetes endpoints. Supported deployment models include physical, virtual, VDI, customer and hybrid data centers, and cloud service providers. Because SentinelOne agents are autonomous, they can deliver cutting-edge behavior-based security in real time even during periods when endpoints are not cloud connected.

Progent is a SentinelOne Partner and reseller and manages thousands of endpoints protected by SentinelOne Singularity technology. SentinelOne is always the first endpoint response software deployed by Progent to provide control and visibility of a customer's network in the first stages of a ransomware breach. SentinelOne Singularity is also the root EDR software behind Progent's Active Security Monitoring (ASM) services. SentinelOne was ranked as a top visionary in Gartner's 2022 Magic Quadrant for Endpoint Protection Platforms and attained the highest number of high-quality detections in real-time with zero delays during the 2022 MITRE ATT&CK Phase 4 Evaluation. Gartner concludes, "This reaffirms its (SentinelOne's) ability to detect all attacks and provide full details of the techniques and tactics used." SentinelOne also outscored all competitors for each use case in Gartner's assessment of Critical Capabilities for Endpoint Protection Platforms.

Singularity Bundles for SentinelOne Endpoint Security
SentinelOne's Singularity product line includes several tiers of endpoint protection product packages delivered as a worldwide cloud-based platform that delivers high availability, centralized policy management by site and group, AI driven threat intelligence, rapid restoration, and a data-driven console for security analytics. Bundles consist of Control for advanced management, Complete for smart forensics, and Complete with Vigilance MDR for 24/7 advanced monitoring and response. The feature sets are additive. Control and Complete each include all the features of the level below it. Subscription rates starts at $10 for each endpoint per month for small customers with significant discounts for bigger deployments. Progent has no minimum device requirement.

The SentinelOne Control Package
The SentinelOne Control Package is the base software and is 100% maintained by the client. For some examples: Endpoint agents need to be updated in the SentinelOne portal, allow rules need to be set, exclusions need to be made, blacklists should be created, threats must be responded to, and many other day-to-day activities that someone in your organization needs to manage and maintain. SentinelOne is just like any other security product in that it has frequent updates to keep its defenses current. Progent can assist with or directly handle these items, but there is additional time and materials billing for all services performed.

With the Control Package you manage your own portal and while Progent and SentinelOne personnel are monitoring and or receiving alerts of serious threats in your environment, we have no authorization to do any work in your environment and will only do best efforts to alert you in case of a serious threat.

Features of the SentinelOne Control Package include:

• Endpoint Prevention (EPP) to block a wide variety of malware, Trojans, hacking tools, and ransomware before they can get a foothold
• ActiveEDR Basic for Endpoint Detection and Response (EDR) operates in real-time even without cloud access. ActiveEDR detects highly sophisticated malware, script misuse and other fileless assaults as they attempt to do damage.
• ActiveEDR Recovery gets users up and running quickly and includes full remediation as well as rollback for all non-legacy versions of MS Windows.
• Endpoint Control for Policy-based management of all USB and Bluetooth devices (Windows, Mac)
• Firewall Control for Policy-based control of network connectivity to and from assets, including location awareness (Win, Mac, Linux)
• Security Vulnerability Management, along with Application Inventory, for insight into third party apps with recognized vulnerabilities mapped to the MITRE CVE cybersecurity dictionary
• Full Secure Remote Shell capability for direct endpoint access by event responders and forensics personnel
• Autonomous SentinelOne agent Storyline Engine
• Integrated Static AI and SentinelOne Cloud Intelligence file-based assault prevention
• Behavioral AI fileless attack detection
• Autonomous Threat, Remediation, and Rollback
• Quarantine device from system, Incident Analysis, Agent Anti-tamper, App inventory
• Rogue endpoint discovery

• Co-Managed solution with Progent being sent alarms and notices of all threats and activities in your environment. Customers are responsible for reacting to issues in their environment and optional assistance time and material is available from Progent
• ActiveEDR Advanced adds visibility of all non-threatening data.
• ActiveEDR Advanced adds enterprise threat hunting. SentinelOne is differentiated by the the ease-of-use characterized by the active quality of the solution in autonomously reacting to attacks.
• Storyline technology for Automated Forensics and quick root cause analysis. All OS storylines are automatically contextualized with SentinelOne’s patented TrueContext technology, streamlining analysts' laborious job of event correlation so they can arrive at the root cause with reduced MTTR.
• Storyline Active Response mitigates zero-day attacks with custom detection and hunting rules.
• Deep visibility Storyline Pivot and Hunt technology by MITRE ATT&CK technique
• EDR Hunting Data retention from 14 days standard to one year optional
• Timelines, file fetch, file integrity monitoring, sandbox integrations
• Other response alternatives are available and personalized to your requirements. Includes 1 hour of training in advanced features and day-to-day management of the SentinelOne portal. During this time, Progent will train in the creation of Exclusions, Blocklists, Mitigation, Agent Updates, Notifications, Client Reports, Application Features, Activity Logs and UI configuration Alerts.

Complete with Vigilance Respond Managed Detection and Response (MDR) Services
Vigilance Respond and Vigilance Respond Pro are optional MDR programs for subscribers to the Singularity Complete bundle. These bundles include full 24x7x365 incident response provided by Tier-1, Tier-2, and Tier-3 cybersecurity experts. Vigilance Respond services include validation of cyberthreats, event prioritization and triage, false positive handling and dashboard updating, threat containment, management reporting, SLAs, and escalation to the customer's cybersecurity organization.

Vigilance MDR consultants rank threat notifications based on a threat-handling hierarchy going from Benign False Positive to Malicious Urgent. This ranking determines how the Vigilance analyst handles the detected threat. There are five classes of threats and associated responses. Most alerts do not require a response by the client.

Benign Alert - False Positive
Vigilance resolves the issue and updates the SentinelOne dashboard. For single False Positive alerts, no other responses or notifications are needed. For repeated False Positive alerts, Vigilance will escalate the issue to the customer to submit or approve an appropriate exclusion or agent update as needed.

Malicious Alert - True Positive Non-Urgent, Potentially unwanted Program
Vigilance responds to make sure the threat is blocklisted, resolved, and annotated. Usually, no notification will be transmitted to the customer unless the issue calls for additional activity.

Malicious Alert - True Positive / No Action Needed
Vigilance performs appropriate actions including remediation to make sure the threat is isolated. After the analyst confirms the threat is eliminated, the analyst will transmit a verification alert to the customer.

Malicious Alert - True Positive Non-Urgent / Action Needed
Vigilance performs proper actions including remediation to ensure the threat is isolated. After the SentinelOne analyst verifies the threat is eliminated, the analyst will send a confirmation alert to the customer. Follow-up activity such as re-imaging may be called for in certain cases.

Malicious Alert - True Positive Urgent / Action Necessary
Vigilance may respond strongly in high priority breach incidents including pursuing agent remediation actions and isolating affected network devices to stall the attack and block additional lateral movement and spread. The analyst will transmit a proactive alert apprising the customer of the situation and request immediate response.

In addition to providing all the features of SentinelOne Control and SentinelOne Complete, SentinelOne Complete with Vigilance MDR adds 24x7 Monitoring with Near Real Time Threat Response, Remote Script Orchestration, and Ranger:

• Fully Co-Managed Environment with Progent seeing alerts and notifications of all threats and activities in your system and combined SOC response, providing 3 levels of 24x7x365 Detection and Response. Threats are neutralized and responded to in close to real-time. Further remediation options following threat mitigation are offered and tailored to meet your organization's needs.
• Remote Script Orchestration empowers enterprises to send scripts to one machine, a few hundred machines, or even millions of machines, to respond to present and future cyberattacks instantly. Security Teams can dispatch customized scripts or pick from a wide selection of tasks – ranging from incident response to forensics artifact collection and even IT administration. In conjunction with SentinelOne Storyline Active Response (STAR), analysts can save time with automated workflows that promote incident response to a higher level.
• Ranger provides unmatched visibility into your environment. Ranger is network-efficient by intelligently electing a small number of SentinelOne agents for each subnet to participate in network mapping missions. Selected "Rangers" passively listen for network broadcast data including ARP, DHCP, and other network observances. Admins can tailor active scan policies and specify multiple IP Protocols for learning including ICMP, SNMP, UDP, TCP, SMB, and more. Rangers correlate all learned information within the backend to characterize familiar and unknown devices. Ranger device inventories show what is connected to your environment, where they are attached, and which protocols the devices listen on. Ranger permits you to expose and close SentinelOne Agent deployment gaps using Ranger Deploy, a peer-to-peer deployment (Windows, Mac, Linux). Ranger enables you to monitor how unfamiliar devices communicate with managed hosts and quarantine suspect devices from managed devices with a single click.

Download Progent's SentinelOne Singularity Packages Datasheets
Download datasheets describing Progent's SentinelOne Singularity products and services:

• Overview of Progent's SentinelOne Singularity Packages (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Control Package (PDF - 210 KB)
  

• Progent's SentinelOne Singularity Complete Package (PDF - 214 KB)
  

• Progent's SentinelOne Singularity Complete with MDR Package (PDF - 223 KB)
  

The Progent Advantage
Progent's team of more than 150 consulting professionals includes experts in every aspect of information technology related to small and mid-size organizations. With this breadth of expertise, Progent can be your single point of contact for integrating a cohesive security solution that delivers significant business value. In addition to the endpoint security provided by SentinelOne products and services, Progent offers a catalog of managed services and specially-priced IT support packages created to help SMBs to design, implement, test, and administer networks that deliver enterprise-level security and low total cost of ownership.

Progent offers expertise in all the endpoints, servers and virtual machines that can be secured by SentinelOne technologies and services. Progent offers services that include Windows 11 planning and migration expertise, Windows 10 management, Linux support, Mac OS X and macOS consulting, iPhone and iPad support, Android integration, Windows Server 2022 migration expertise, Windows Server 2019 integration consulting, Hyper-V virtualization support, and VMware vSphere configuration consulting.

For fast rollback, Progent's Windows Server experts can help you to configure Windows Volume Shadow Copy Service (VSS). Progent also offers online and onsite access to certified Cisco CCIE experts to help you to design, defend or optimize your infrastructure. If your network relies on cloud resources, Progent offers the guidance of Microsoft Azure consultants, Amazon AWS consultants, and Google Cloud integration experts.

Contact Progent about SentinelOne Sales and Integration Services
To find out more about how Progent can assist you to purchase or configure SentinelOne products, call 1-800-993-9400 or see Contact Progent.